ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 28
CONTROL 09
09 - Email and Web Browser Protections
Safeguards Total: 7
IG1: 2/7
IG2: 6/7
IG3: 7/7
Improve protections and detections of threats from email and web vectors,
as these are opportunities for attackers to manipulate human behavior
through direct engagement.
Why Is This CIS Control Critical?
Web browsers and email clients are very common points of entry for attackers
because of their direct interaction with users inside an enterprise. Content
can be crafted to entice or spoof users into disclosing credentials, providing
sensitive data, or providing an open channel to allow attackers to gain access,
thus increasing risk to the enterprise. Since email and web are the main means
by which users interact with external and untrusted users and environments,
these are prime targets for both malicious code and social engineering.
THE SAFEGUARDS
Safeguard | Title | Asset Type | Security Function
9.1 | Ensure Use of Only Fully Supported Browsers and Email Clients | Applications | Protect
9.2 | Use DNS Filtering Services | Network | Protect
9.3 | Maintain and Enforce Network-Based URL Filters | Network | Protect
9.4 | Restrict Unnecessary or Unauthorised Browser and Email Client Extensions | Applications | Protect
9.5 | Implement DMARC | Network | Protect
9.6 | Block Unnecessary File Types | Network | Protect
9.7 | Deploy and Maintain Email Server Anti-Malware Protections | Network | Protect
Did You Know?
The top malicious email attachment type is Office documents, which make up 38%;
the next highest is archives (.zip etc.) at 37%. A multi-layered approach to web
and email protection is vital.
Table column key:
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3