Cyber-attacks are becoming increasingly common in today's business world. Organizations create, store, and transmit large amounts of data every minute of every day that if stolen could prove disastrous. Because of this, businesses are now more responsible than ever to protect their organization's and their clients' data from harm. However, for many small-medium sized businesses (SMBs) this is a tall order. These companies are traditionally too understaffed and under resourced to effectively defend against the more advanced cyber threats that impact their business. Using the CIS Controls, SMBs can accurately defend their organization from the most common cyber threats businesses face today.
What Are the CIS Controls?
The CIS Controls were established in 2008 by the Center for Internet Security (CIS) to provide actionable controls and practices that are proven to be effective against the most common and malicious threats. Originally 20 controls, the list has been condensed to 18 and is now in its 8th version. The controls are regularly reviewed and updated by a community of experts as the threat landscape grows and evolves. These experts represent a wide range of fields and industry including academia, government, and private industry. This allows the controls to have a diverse pool of information and guidance.
How are They Structured?
The CIS Controls are structured in a way that makes them easier to understand and implement. Version 8 is comprised of 18 controls that each contain various safeguards that entities can implement into their security plan. These safeguards are then further divided into implementation groups.
The Implementation Groups:
IG1 - Implementation group 1 outlines fundamental cybersecurity guidelines that every organization must meet at the bare minimum. The 56 safeguards contained in this group are effective for defending against very general, non-targeted attacks.
IG2 - The second implementation group is comprised of 74 safeguards that are designed to help organizations manage diverse risk profiles across different departments. For instance, an organization accounting department will have different security requirements than that of the IT department.
IG3 - The third implementation group applies to organizations that handle secure and confidential data from advanced threats. This data could be regulatorily or personal in nature.
The 18 Controls:
You can learn more about the controls in detail and how CorpInfoTech implements them by reading our whitepaper!
CorpInfoTech and the CIS Controls
CorpInfoTech has implemented the CIS Controls into our cybersecurity process since its inception in 2008. The controls serve as the foundation for all of our services including security assessments, firewall management, vulnerability management, and compliance.
In November of 2023, CorpInfoTech was the first to receive accreditation by the Center of Internet Security for our expertise in implementing the CIS controls. When it pertains to the implementation of the CIS Controls, CorpInfoTech is above the rest!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services, including security assessment, cybersecurity penetration tests, managed services (MSP), firewall management, and vulnerability management. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.