Qualys Blog

www.qualys.com
2 posts

Implementing the CIS 20 Critical Security Controls: Make Your InfoSec Foundation Rock Solid

For almost 10 years, thousands of organizations eager to solidify their security and compliance foundations have found clarity and direction in the the Center for Internet Security’s Critical Security Controls (CSCs).

This structured set of 20 foundational InfoSec best practices, first published in 2008, offers a methodical and prioritized approach for securing your IT environment. Mapping effectively to most security control frameworks, government regulations, contractual obligations and industry mandates, the CSCs can cut an organization’s risk of cyber attacks by over 90%, according to the CIS.

These battle-tested controls, described in a free document that has been downloaded more than 70,000 times, were developed and are maintained by a global team of expert volunteers from all cybersecurity sectors, including government, industry and academia.

A detailed plan that can help you boost your security and compliance posture is more relevant than ever, now that attacks are getting more sophisticated and aggressive, and that throwing money at the problem hasn’t proven to be the solution.

In the SANS Institute paper “Leading Effective Cybersecurity with the Critical Security Controls”, author Wes Whitteker noted that while investments in cybersecurity have boomed in recent years, so have the number of major data breaches.

According to Whitteker, the global cybersecurity problem is being met with ineffective responses due to organizations’ lack of a solid cybersecurity foundation.

“If the functions that set an organization’s cybersecurity foundation are flawed, it is very likely that the solutions they choose will be flawed, too,” he writes. “The CSCs offer a framework that provides the critical visibility needed to aid in strategy development and manage existing organizational environments.”

In this blog series, we’ve explained how Qualys Cloud Platform — a single, integrated, end-to-end platform for discovery, prevention, detection, and response — and its Qualys Cloud Apps can help security teams of any size to broadly and comprehensively adopt the CIS controls.

We first discussed how Qualys can help organizations slash risk of cyber attacks by 85% with the first five controls. In our second post, we explained the benefits of building upon that “foundational cyber hygiene” with controls six through 10. And last week we delved into more sophisticated techniques with controls 11 through 15.

In this, our fourth and last installment, we’ll discuss controls 16 through 20. Continue reading …

Implementing the CIS 20 Critical Security Controls: Building Upon Foundational Cyber Hygiene

Most successful cyber attacks exploit known vulnerabilities for which patches are available, or take advantage of weak configuration settings that could have been easily hardened. You can significantly lower the risk of being victimized by this type of common, preventable attack by adopting the Center for Internet Security’s Critical Security Controls (CSCs).

This set of 20 structured InfoSec best practices offers a methodical and sensible plan for securing your IT environment, and maps to most security control frameworks, government regulations, contractual obligations and industry mandates.

The CSCs were first developed in 2008 and are periodically updated by a global community of volunteer cybersecurity experts from government, academia and industry. “The CIS Controls provide a prioritized approach to cyber security, starting with the most essential tasks and progressing to more sophisticated techniques,” Tony Sager, CIS Chief Evangelist, wrote recently.

In this blog series, we’re explaining how Qualys Cloud Platform — a single, integrated, end-to-end platform for discovery, prevention, detection, and response — and its Qualys Cloud Apps can help security teams of any size to broadly and comprehensively adopt the CIS controls.

Continue reading …