The Center for Internet Security (CIS) is a nonprofit devoted to helping people, businesses and governments protect themselves from cyber threats. It is globally recognized for developing the best practices for securing IT systems and data. The CIS distills advice into a recommended set of actions. These are called the CIS Critical Security Controls. Internos Group created a CIS Checklist as a simple and easy way to see where your company stands in implementing the CIS critical controls.
The CIS Critical Security Controls define the 18 must-have controls to help companies defend against cyber attacks. It focuses attention and resources on additional risk issues that are unique to each business or mission. The controls were determined with input from experts from every sector of business.
The CIS Controls are not not a replacement for any existing regulatory, compliance or authorization scheme. They map to most major compliance frameworks and have been defined for these other frameworks to give a starting point for action.
There could be a lot more than 18 controls, but the consensus was that these 18 actions can thwart the majority of known attacks today. They provide the framework for automation and systems management that should serve cyber defense in the future.
The CIS Controls are updated and reviewed through an informal community process. Government, industry and academic participants each bring deep technical understanding from across multiple viewpoints (e.g., vulnerability, threat, defensive technology, tool vendors, enterprise management) and pool their knowledge to identify the most effective technical security controls needed to stop the attacks they are observing.
Still Not Sure What the CIS Checklist Is?
Sorting through best cyber security practices shouldn’t distract you from your “real job.” If you need assistance in implementing CIS Controls at your business, we’re here to help. Contact us or book a meeting.
View all FAQs
A vulnerability is a weak spot in a system. Vulnerabilities enable hackers and crackers to gain access to a network. It is virtually impossible to have no weak spots, and not all weak spots exist inside the code itself. The biggest vulnerability for many companies is people. Human examples of vulnerabilities include a human response…
A zero day attack happens when a hacker takes advantage of an unpatched or previously unknown vulnerability for the first time (also known as a zero day vulnerability). Some examples of zero day exploits include: Critical system vulnerabilities and exposures are tracked by some organizations and websites to distribute to others. They maintain lists of…
There are multiple benefits associated with IT service management, including: Aside from the benefits above, the day-to-day conveniences of using an ITSM are many. ITSM is not just support via a help desk or a service desk. While an ITSM may support your business via a service desk, the offerings are much broader than that….
Use our Checklist to Find IT Support
Are you a first-timer to IT support? Maybe you aren’t happy with your current MSP? Our easy-to-follow checklist can guide you through the process of the best IT services provider for your business. It will help you help you outline and define:
- Your business goals for the next few years
- The stats that potential MSPs will need to work out a plan for your company
- The risk areas in your backup and cyber security practices
- What you expect from your IT support provider
- And more!
