ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 19
Each of the 18 CIS Controls has a number of Safeguards that form a part of it.
There are 153 in total. These 153 Safeguards are categorised into three (3) groups:
Implementation Group 1 (IG1) has 56, Implementation Group 2 (IG2) has 74 &
Implementation Group 3 (IG3) has an additional 23 Safeguards.
Implementation Group 1 (IG1) - Basic Cyber Hygiene
In most cases, an IG1 enterprise is typically small to medium-sized with
limited IT and Cybersecurity expertise to dedicate towards protecting IT
assets and personnel. A common concern of these enterprises is to keep
the business operational, as they have a limited tolerance for downtime.
Implementation Group 2 (IG2)
An IG2 enterprise usually employes individuals or an external party such
as a Managed Service Provider (MSP) to help manage and protect IT
Infrastructure. These enterprises typically have multiple departments
with different risk profiles based on job function and mission.
Implementation Group 3 (IG3)
An IG3 Enterprise typicaly employs dedicated security experts that
specialise in the different facets of Cybersecurity. The Assets and Data
of an IG3 Enterprise typically contain sensitive information and they are
often subject to regulatory and compliance oversight.
19
