ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 18
THE
Doctrines of Effective
Cyber Defense
As we already discussed, there are
five tenets to a reliable Cybersecurity
program:
Offence informs defense: Build more
effective security measures learning
from past attacks and threats. Only
controls proven to be effective should
be considered.
Prioritisation: Prioritise the controls
that have been effective in the
real-world against threats. The ease
of implementation should also be a
consideration.
Measurements and metrics:
Measurements and metrics are
essential to assess the effectiveness
of your security measures. They also
enable all stakeholders in your security
team to speak the same language.
GROUPS
The CIS understands that not every Business or
Organisation will have the means, budget or requirement
to properly implement all the Safeguards that they
recommend.
To combat this, all of the Safeguards underneath each
Control are categorised into Implementation Groups.
Each Implementation Group builds on the one before
it, so IG2 includes all the Safeguards from IG1 and IG3
includes all the Safeguards from both IG1 and IG2.
Continuous diagnostics and
mitigation: Test and assess your
security protocols regularly to help
implement the next steps.
A good goal for an organisation or business of any size is
to start with implementing everything that as a part of
Implementation Group 1 (IG1).
Automation: Automate your
cybersecurity activities to ensure
compliance and gain a reliable and
scalable cyber defense.
Once they have implemented all IG1 Safeguards Depending
on requirements and budget, , they can then start to
implement Safeguards from Implementation Group 2
(IG2).
The CIS Controls best practices help
enterprises to counter and prevent
cyber attacks and threats. The controls
are divided into three categoriesbasic, foundational, and organisational
controls.
18
IMPLEMENTATION
Finally, again depending on requirements and budget,
they can then start to implement Safeguards from
Implementation Group 3 (IG3).
