Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls, simplified some working, removed duplicate requirements, and created an abstract for each of the security measures.Wait, What Are the CIS Controls Again?Just as a reminder, the CIS Controls are a set of recommended actions that organizations can use to defend themselves against some of the most pervasive attacks in the threat landscape today. They serve as a starting point for organizations in that effort. As noted on the Center for Internet Security’s website, the Critical Security Controls use prioritization to help organizations to figure out where their digital defenses begin, focus their resources on actions that can provide protection against high-risk items, and then invest their remaining time and energy in tackling additional sources of digital risk for the business.The Constant Flow of ChangeThe CIS Controls are not a static entity. On the contrary, they regularly undergo an informal community process in which industry, government, and academic actors review the CIS Controls. Those individuals can then issue updates based upon organizations’ changing network environments and on the evolving digital threat landscape.Those factors help to explain the release of
Support the originator by clicking the read the rest link below.
