CIScontrols

Center for Internet Security Controls (CIS Controls ) are a collection of cybersecurity best practices designed to help organisations protect their systems and data from cyber threats. These controls provide a structured approach to reducing risk, regardless of the size of the organisation. CIS Controls are globally recognised and are often used as a guide to establish and strengthen a robust security strategy.

What are the CIS Controls?

CIS Controls are a set of 18 specific actions that organisations can take to secure their IT systems against the most common cyber threats. These controls were developed by the Center for Internet Security (CIS), a non-profit organisation dedicated to improving global cybersecurity. The checks are based on real-world insights and are constantly evolving to address emerging threats.

The 18 CIS Controls are divided into three categories, depending on an organisation's level of priority and resources:

  1. Basic Controls (1-6): These are the essential actions every organisation must implement to provide a basic level of protection.
  2. Foundational Controls (7-16): These controls build on the basic controls and provide deeper protection through more advanced measures.
  3. Organisational Controls (17-18): These controls focus on management and establishing a strong security culture within the organisation.

The 18 CIS Controls

  1. Inventory of Managed AssetsProvide a detailed overview of all hardware and devices in your network. This helps identify unauthorised devices and reduces the risk of unwanted access.
  2. Inventory of SoftwareKeep a list of all installed software and restrict the use of unauthorised applications. This prevents malicious or unwanted software from running on systems.
  3. Vulnerability ManagementDoregular security scans to identify vulnerabilities in systems and applications and resolve them quickly through patches or updates.
  4. User Control with Administrative RightsRestrict and control who has administrative rights within the organisation. This prevents unauthorised users from changing important system settings.
  5. User and Access ManagementEnsure strict access management where each user can only access the information and systems required for their job.
  6. Managing Security ConfigurationsEstablish security configurations for hardware and software to minimise vulnerabilities. This includes, for example, firewall settings, password policies and encryption.
  7. Continuous Monitoring and LoggingEnsure that all systems are continuously monitored and logs are kept of activities. This helps to quickly identify suspicious activity.
  8. Malware protectionImplement and maintain malware protection programmes to protect systems from viruses, worms, ransomware and other malicious software.
  9. Email and Web Browser SecurityProtectemail and browser systems from attacks such as phishing, drive-by downloads and exploits of outdated software.
  10. Backup and Recovery of DataEnsure regular backups of critical data and test recovery procedures to prevent data loss in case of an incident.
  11. Secure Software ManagementApply security practices at every stage of software development, from design to deployment, to minimise vulnerabilities.
  12. Securing Network Ports, Protocols and ServicesManagenetwork access by closing unused ports and services and using only allowed protocols to reduce the likelihood of attacks.
  13. Data protectionImplement measures such as encryption and access control to protect sensitive information from unauthorised access and loss.
  14. Monitoring Network SecurityUsetools such as firewalls and intrusion detection systems to monitor network traffic and block potential attacks.
  15. Mobile Device SecurityImplementsecurity measures for mobile devices such as smartphones and tablets, including encryption and remote management, to protect sensitive data.
  16. Account Monitoring and ManagementMonitor user accounts and ensure that inactive accounts are quickly deleted or disabled to prevent unauthorised access.
  17. Implementation of a Security Awareness ProgrammeConduct regular training for employees to make them aware of cyber threats such as phishing and social engineering.
  18. Incident response and managementDevelopand test a detailed incident response plan to quickly respond to cyber attacks and mitigate the impact.

The Importance of CIS Controls

CIS Controls help organisations systematically manage risk and strengthen their security. By implementing these controls, companies can protect themselves from the most common cyber threats, such as malware, phishing and attacks on vulnerable systems.

Key benefits of implementing CIS Controls:

  • Strengthened security: CIS Controls provide a framework that helps organisations take the right measures to secure their IT systems.
  • Risk management: Organisations can better respond to potential risks and cyber-attacks by focusing on areas that are most vulnerable.
  • Compliancy: CIS Controls are in line with many international standards and regulations, such as the GDPR, NIST and ISO 27001, which helps comply with legal obligations.
  • Cost efficiency: By prioritising the most critical security measures, organisations can make effective use of their security budgets and resources.
dreamstime_xxl_126587946.jpg

CIS Controls in Practice

The CIS Controls can be easily adapted to the size and complexity of an organisation. Smaller organisations can start with the basic controls (1-6) and expand their security programmes over time, while larger companies can fully implement the controls.

CIS also offers tools, such as the CIS Controls Implementation Guide and CIS-CAT (CIS Configuration Assessment Tool), to help organisations assess their security level and easily implement the right controls.

The Future of CIS Controls

Cyber threats continue to evolve, which is why CIS Controls also continue to evolve. New versions of the controls are released regularly to take into account new technologies and emerging threats such as cloud security, artificial intelligence and Internet of Things (IoT). This means that organisations following the CIS Controls have access to the most up-to-date strategies to secure their networks and data.

Choose IRM360

With IRM360, you are assured a secure and compliant future in a scalable, practical and cost-efficient way.

With our other management systems for Privacy, Business Continuity, Artificial Intelligence and Risk Awareness, among others, you can easily expand your control at your pace.

Contact us today for more information or request an online demo of our software.

 

Click here to request an online demo.

dreamstime_xxl_34685949.jpg

ISO 27001

Meet information security requirements in a structured and simple way

Read more

ISO27701 AVG.jpg

ISO 22301

Make sure your organisation is ready for Business Continuity certification!

Lees meer

Normen-ISMS-Cyber-Security.jpg

Cybersecurity Framework

Better protect your organisation from cyber attacks through the NIST guidelines!

Read more

More about the IRM360 Management System?

Click here for more information!

We would love to get in touch.

Mail to: sales@irm360.nl or fill in the contact form.