Practice cyber hygiene with 6 basic CIS controls

Start with CIS basic controls for organizational cybersecurity.

The list of this century’s biggest data breaches, which have exposed more than 4.99 billion records, reads like a corporate who’s who: Yahoo, eBay, Equifax, Heartland Payment Systems, Target, TJX Companies and JPMorgan Chase all made the top 10. Equally disturbing is the fact that eight of the top 10 occurred within the last five years.

This raises the question: are we getting any better at protecting our organizations from cyberattacks? HelpNetSecurity answers with a resounding “no”: “Organizations are not where they need to be when it comes to protecting their online ecosystems against attacks and the reality of the situation is troubling.”

But there is good news: it is possible to significantly reduce your risk of cyberattack. Using the Center for Internet Security (CIS) Controls as a framework, organizations can build and maintain a strong cybersecurity posture, even with budget and resource limitations. These controls, considered the gold standard, are purposefully designed to be both user- and budget-friendly.

What Are the CIS Controls?

According to the SANS Institute, the CIS Controls were born out of a public-private partnership that included the Department of Defense (DoD), National Security Administration (NSA), CIS and SANS. Their objective was to “provide the same type of control-prioritization knowledge for civilian government agencies and critical infrastructure” that the NSA had developed for the DoD to help it prioritize its cybersecurity spending.

 
