CIS CONTROLS
Cybersecurity Controls to Meet the Needs of Any Size Business
CIS version 8 includes 18 security domains with controls to help businesses of all shapes and sizes mitigate the risk of cyber threats. CIS delivers three implementation groups to support the need and complexity of their mission-critical systems throughout every step of their growth.
How Do the Controls Help?
The CIS Controls provide businesses with the tools and guidance needed to create a comprehensive security program. The Controls provide recommendations and guidelines to help protect each layer of your infrastructure, including your endpoints, networks, and cloud environments.
By using CIS Controls, businesses can create a proactive security strategy that will help reduce the risk of cyber-attacks and other security incidents.
Cybrance and CIS Controls help streamline security management processes by providing an organized framework for identifying which areas need attention and prioritizing tasks for implementation across the organization’s IT infrastructure.
This makes it easier to develop policies that are both practical and effective in keeping data secure while still allowing business operations to remain agile in today’s ever-changing digital landscape
Streamline Security Management?
Collaborate with Ease
Cybrance and CIS also promote collaboration between different stakeholders within the organization by making it easier to spot gaps in security protocols and work together towards addressing them quickly and effectively before any major damage is done. Delgation allows you to invite users both internally and externally to assist in thre preparation process.
Implementation Groups
IG1
Consisting of 56 Safeguards, IG1 is typically used by small-to-mid-sized businesses who limited cybersecurity expertise.
They are generally vulnerable to non-targeted attacks and use commercial off-the-shelf (COTS) hardware and software. Information tends to include employee and financial information. Outages can disrupt normal operations and they have a low tolerance for downtime.
IG2
This group adds 74 Safeguards, IG1 is geared to enterprises utilizing enterprise-grade technology and has specialized expertise on staff to manage and protect critical infrastructure.
These organizations generally have multiple departments with differing risk profiles. Data stored may include sensitive enterprise and client data with a risk of loss of public confidence in an outage.
IG3
23 Safeguards are added in IG3. Organizations in this group generally have security experts on staff with areas of specialization including risk management, penetration testing, and application security.
These organizations generally have data that falls under regulatory and compliance oversight. Sensitive data is highly targeted and a successful attack can potentially harm public welfare.