Question

Consider the CIS (20) Critical Controls. Identify and list what you believe to be the most...

Consider the CIS (20) Critical Controls. Identify and list what you believe to be the most important and perhaps easiest to quickly implement and validate compliance.

0 0
Add a comment Improve this question Transcribed image text
Answer #1

Hello! The 20 CIS controls are classified as per the cyber security standards as below.

BASIC CIS CONTROLS

1. Inventory and Control of Hardware Assets

2. Inventory and Control of Software Assets

3. Continuous Vulnerability Management

4. Controlled Use of Administrative Privileges

5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

6. Maintenance, Monitoring and Analysis of Audit Logs

FOUNDATIONAL CIS CONTROLS

7. Email and Web Browser Protections

8. Malware Defenses

9. Limitation and Control of Network Ports, Protocols and Services

10. Data Recovery Capabilities

11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

12. Boundary Defense

13. Data Protection

14. Controlled Access Based on the Need to Know

15. Wireless Access Control

16. Account Monitoring and Control

ORGANISATIONAL CIS CONTROLS

17. Implement a Security Awareness and Training Program

18. Application Software Security

19. Incident Response and Management

20. Penetration Tests and Red Team Exercises

The fundamental controls remain the same, but they are separated into three distinct categories: basic, foundational and organizational.

• The basic category comprises of the first six Controls 1-6 which forms the bare minimal requirements for essential cyber defense readiness. Implementing these controls will reduce a huge part of the attack surface when a hacker is trying to break into the system.

  
• The foundational category contains the CIS Controls from seventh to the sixteenth. This is next step up after the basic controls and it states the set of best practices that can be followed by any organization to proactively take measures against cyber-attacks.
  
• The last and final Organizational category covers the last four of the CIS Controls. These controls are more focused towards the people and processes aspect of an enterprise cybersecurity.

Just by implementing the first two of the CIS controls, we are able to tackle both the financial and the security goals of any cybersecurity based project. This is one of the main reasons for us to choose CIS Cybersecurity framework. Also, unlike other frameworks which vaguely describes different aspects of an enterprise security in a theoretical manner, CIS Security Framework gets the job done in an accurate and a hands-on practical manner. It gets into step by step technical details, which is easy to understand and simple to implement.

Add a comment
Know the answer?
Add Answer to:
Consider the CIS (20) Critical Controls. Identify and list what you believe to be the most...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT