
SANS Internet Storm Center - SANS ISC InfoSec Forums


CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises

Recently the Center for Internet Security (CIS) released the CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises (SMEs). The Implementation Guide is directly mapped to the CIS Critical Security Controls and focuses on actionable steps that can be taken right now to assess and improve cyber security posture and preparedness, particularly in small and medium-sized enterprises. A webinar with some of the team members who helped develop the Implementation Guide was also recorded recently.

 

The guide focuses on 3 key areas:

  • Know your environment
  • Protect your assets
  • Prepare your organization

 

I especially like the questions that are provided in the Implementation Guide:

  • Do you know what is connected to your computers and networks?
  • Do you know what software is running on your systems and networks?
  • Do you set up your computers with security in mind?
  • Do you manage who has access to sensitive information or who has extra privileges?
  • Is your staff clear about their role in protecting your organization from cyber incidents?

 

When reviewing these questions, especially for the first time, you may not like your answers very much. I encourage you to use your answers as motivation to apply focused attention to achieve better answers over the next 30 days. No matter the size of your enterprise, I believe there is something in the Implementation Guide for you!

 

Russell Eubanks

ISC Handler

SANS Instructor

@russelleubanks
