What is the Center for Internet Security (CIS)?

CIS (Center for Internet Security) is a non-profit organization that provides best practices and guidelines for securing computer systems and networks. The organization develops a range of security standards, benchmarks, and tools that are widely used by organizations to improve their IT security posture.

CIS provides a number of resources to help organizations improve their IT security, including:

  1. CIS Controls: A set of 20 security controls that organizations can implement to improve their cybersecurity posture. The controls cover areas such as inventory and control of hardware assets, continuous vulnerability management, and incident response.
  2. CIS Benchmarks: A set of best practice recommendations for securely configuring various types of systems, including operating systems, databases, and web servers. The benchmarks provide specific guidance on how to configure systems to reduce the risk of common vulnerabilities.
  3. CIS-CAT Pro: A tool that helps organizations assess their compliance with the CIS Controls and Benchmarks. The tool provides automated assessments of system configurations and provides reports on compliance.
  4. CIS RAM: A risk assessment methodology that helps organizations identify and prioritize risks to their IT systems. The methodology includes a comprehensive set of risk scenarios and provides guidance on how to assess the likelihood and impact of each scenario.
  5. CIS SecureSuite: A suite of cybersecurity tools and services that includes vulnerability scanning, threat intelligence feeds, and incident response services.
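To make the Benchmarks and CIS-CAT items concrete, here is an added example (not CIS code, and not taken from any CIS Benchmark) of the kind of check a configuration benchmark describes and an assessment tool automates: a small auditor that parses an sshd_config-style file, evaluates a handful of rules, and produces a pass/fail report with a compliance percentage. The rule IDs (EX-1 to EX-4), their wording, the remediation text and the sample configuration are all assumptions constructed for this illustration; real benchmark recommendations carry their own numbering and rationale.

```python
"""Benchmark-style configuration audit (added illustration, not CIS code).

The rules and their IDs (EX-1 ...) are assumptions written for this example;
they are not CIS Benchmark recommendations.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Settings = Dict[str, str]


@dataclass(frozen=True)
class Rule:
    rule_id: str          # illustrative ID, not a real benchmark recommendation number
    title: str
    check: Callable[[Settings], bool]
    remediation: str      # what the report tells the administrator to change


def parse_keyword_config(text: str) -> Settings:
    """Parse an sshd_config-style 'Keyword value' file into a dict.

    Keys are lower-cased (sshd keywords are case-insensitive), '#' comments and
    blank lines are skipped, and the FIRST occurrence of a keyword wins, which
    matches how sshd itself reads the file.
    """
    settings: Settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def _int_setting(settings: Settings, key: str) -> Optional[int]:
    """Return the setting as an int, or None if absent or not numeric."""
    try:
        return int(settings[key])
    except (KeyError, ValueError):
        return None


def _max_auth_tries_ok(settings: Settings) -> bool:
    n = _int_setting(settings, "maxauthtries")
    return n is not None and n <= 4


# An absent keyword fails its rule: the benchmark style is to require an
# explicit, reviewed value rather than rely on a daemon default.
RULES: List[Rule] = [
    Rule("EX-1", "Disable direct root login over SSH",
         lambda s: s.get("permitrootlogin", "").lower() == "no",
         "Set 'PermitRootLogin no' in sshd_config."),
    Rule("EX-2", "Disable password authentication (use keys)",
         lambda s: s.get("passwordauthentication", "").lower() == "no",
         "Set 'PasswordAuthentication no' in sshd_config."),
    Rule("EX-3", "Limit authentication attempts per connection",
         _max_auth_tries_ok,
         "Set 'MaxAuthTries 4' (or lower) in sshd_config."),
    Rule("EX-4", "Log at INFO or VERBOSE so authentication events are recorded",
         lambda s: s.get("loglevel", "").upper() in {"INFO", "VERBOSE"},
         "Set 'LogLevel INFO' or 'LogLevel VERBOSE' in sshd_config."),
]


def assess(config_text: str, rules: List[Rule] = RULES) -> List[Tuple[str, bool, str]]:
    """Run every rule against the parsed config; returns (rule_id, passed, remediation)."""
    settings = parse_keyword_config(config_text)
    return [(r.rule_id, r.check(settings), r.remediation) for r in rules]


def compliance_score(results: List[Tuple[str, bool, str]]) -> float:
    """Percentage of rules passed, rounded to one decimal; 0.0 for an empty result set."""
    if not results:
        return 0.0
    passed = sum(1 for _, ok, _ in results if ok)
    return round(100.0 * passed / len(results), 1)


def render_report(results: List[Tuple[str, bool, str]]) -> str:
    """Plain-text report: one line per rule, failures carry their remediation."""
    lines = []
    for rule_id, ok, remediation in results:
        status = "PASS" if ok else "FAIL"
        lines.append(f"[{status}] {rule_id}" + ("" if ok else f"  -> {remediation}"))
    lines.append(f"Compliance: {compliance_score(results)}%")
    return "\n".join(lines)


# Constructed sample sshd_config fragment for the demonstration (not from a real host).
SAMPLE_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
LogLevel INFO
PermitRootLogin no   # second occurrence; ignored because the first one wins
"""

if __name__ == "__main__":
    print(render_report(assess(SAMPLE_CONFIG)))
```

Run as a script, the sample fails EX-1 and EX-3 and scores 50%; a real assessment tool works the same way at scale, with one check per recommendation, a remediation per failure, and a score the organization can track over time.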

CIS provides a valuable set of resources and tools for organizations looking to improve their IT security posture. The organization’s guidelines and benchmarks are widely used by organizations of all sizes and across various industries to reduce their cybersecurity risk and protect their systems and data from cyber threats.

What are the 20 CIS controls?

The CIS Controls are a set of 20 best practice guidelines for improving cybersecurity posture. Here is a list of the 20 CIS Controls:

  1. Inventory and control of hardware assets
  2. Inventory and control of software assets
  3. Continuous vulnerability management
  4. Controlled use of administrative privileges
  5. Secure configuration for hardware and software on mobile devices, laptops, workstations, and servers
  6. Maintenance, monitoring, and analysis of audit logs
  7. Email and web browser protections
  8. Malware defenses
  9. Limitation and control of network ports, protocols, and services
  10. Data recovery capability
  11. Secure configuration for network devices, such as firewalls, routers, and switches
  12. Boundary defense
  13. Data protection
  14. Controlled access based on the need to know
  15. Wireless access control
  16. Account monitoring and control
  17. Implementing a security awareness and training program
  18. Application software security
  19. Incident response and management
  20. Penetration testing and red team exercises

Each of these controls gives specific guidance for reducing the risk of common cyber threats. Organizations can use the controls as a framework for developing their cybersecurity strategy and improving their overall security posture.

Who are the members of Center for Internet Security (CIS)?

The Center for Internet Security (CIS) is a non-profit organization that is open to membership from a variety of entities, including government agencies, businesses, and other organizations. As of 2021, CIS has over 20,000 members from around the world.

CIS members include a wide range of organizations, such as:

  1. Government agencies: CIS works closely with federal, state, and local government agencies to provide cybersecurity resources and tools. Many government agencies are members of CIS to take advantage of these resources and improve their cybersecurity posture.
  2. Businesses: Businesses of all sizes and across various industries are members of CIS. These organizations may be looking for guidance on how to improve their cybersecurity practices, or they may be interested in the tools and services offered by CIS.
  3. Academic institutions: CIS has partnerships with a number of academic institutions to help provide cybersecurity education and training to students and professionals.
  4. Non-profit organizations: CIS has partnerships with a variety of non-profit organizations to help promote cybersecurity awareness and provide resources to underserved communities.

CIS membership is open to a wide range of entities and is designed to help organizations of all types improve their cybersecurity practices and protect their systems and data from cyber threats.

Author: tonyhughes