ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 17
CIS Controls™
The CIS Controls™ are a set of 18 actions that
make up the best practices to tackle major
attacks against systems and networks. The
best practices are developed by a group
of IT experts with years of experience in
Cybersecurity. They come from a range of
industries, including government, defense,
healthcare, education, retail, manufacturing,
and others. The CIS Controls are considered
to be an international-level collection of best
security practices.
Over the years, various forms of cyber
attacks have targeted businesses. They
include data breaches, stealing of credit card
information, theft of identity and intellectual
property, denials of service, privacy
breaches, and much more. Experts have
developed a range of security protocols to
address these cyber threats, which are
collectively termed Cyber Defense.
The IT Industry uses a plethora of resources
and tools to counter Cyber Threats.
We also have different technologies,
security controls, vulnerability databases,
certifications, training material, and security
checklists too. We have access to studies
and reports, tools, notification services, and
more to keep us protected from any form of
Cyber Threat. The IT Industry also depends
on a number of regulations, risk assessment
frameworks, and security requirements to
keep itself safe from cybercrime.
However, this overload of information and
technology often leads to confusion. The
competing security measures and options
can paralyse an organisation and keep it from
taking the required steps to counter Cybercrime. In the
present day, the business process has grown
more complex along with the proliferation of
mobile devices and expanding dependencies.
The advance in technology has led to the
distribution of data across several channels,
even outside the organisation. As a result,
security has transformed from a standalone
problem to a multi-faceted threat in this
interconnected world.
The average cost of
a ransomware attack
on businesses was
$133,000.
The situation brings up the need to act as
a community and come up with solutions
and support for different industries, sectors,
and partnerships. We need to use our
knowledge and advancing technology
to create solutions that address the
crucial aspects of an organisation’s risk
management approach. Such an approach
will be a step in the right direction and help
enterprises take the proper steps to resolve
security issues. The best way to do this is to
follow a roadmap of fundamentals that help
organisations develop their Cyber Defense
and security protocols.
The CIS Controls™ were developed
based on the above principles to help
organisations take a holistic approach
towards Cybersecurity. They were originally
created as a grass-roots program to help
cut down the confusion and focus on
fundamental actions that enable a business
to overcome cyber threats. The controls are
intrinsically valuable and provide the data
and knowledge to organisations for staying
alert, responding, and preventing Cyber
Attacks.
The CIS Controls™ are led by CIS®, a global
community that offers the following:
• Shared insight into Cybercrimes, Cyber
Attacks, and threats to get to the root
cause of problems and come up with
appropriate measures.
• Documentation of all required
approvals and distribution of critical
tools.
• Tracking of the nuances of a threat,
including growth, severity, and
intrusiveness.
• Highlighting of the importance of
CIS Controls™ to help make them
compliant with regulatory frameworks.
• Sharing of knowledge, tools, working
aids, translations, and more.
• Tackling the common threats before
they become serious and implementing
roadmaps to solve them as a
community.
The CIS Controls are made up of a highly actionable collection of actions that
organisations can implement, use, and
scale. The controls also comply with most
applicable laws and security safeguards and
are backed by the IT Community.
We help our Clients align with the CIS
Controls™ to help Safeguard their business.