Using the CIS 20 security controls as a starting point for a security program (Part 1)

Update: 2019-07-09

Description

For small and medium organizations, implementing a formal security program can see like a huge task.

However, breaking this into small steps can help make that goal seem more attainable.

The CIS 20 security controls is a framework that every SMB should begin implementing. Under CCPA, organizations that are following a proven framework, will be exempt from some of the litigation liabilities. CIS 20 is one of the frameworks that California attorney generals have accepted in the past.

If you don't have a security program in place, your organization is like tacking the problem in an ad-hoc manner. Should an attack happen, being organized will give a much greater attempt of surviving.

https://www.cisecurity.org/controls/cis-controls-list/

Comments

In Channel

IT Asset Management (Webinar Audio)

2020-02-0432:45

The 80/20 Rule of Cybersecurity for SMBs

2020-01-1633:31

Figuring Out Which Cyber Insurance Components You Actually Need Is Tough - Here Are Some Tips

2019-12-3142:57

Challenging the Cybersecurity System: Why do we continue to make the same mistakes (Part 2)

2019-12-1130:18

Challenging the Cybersecurity System: Why Do We Continue To Make The Same Mistakes (Part1)

2019-11-1947:08

Why you should model your cybersecurity program on an industry framework

2019-10-2947:08

Common SMB Cybersecurity mistakes and misconceptions

2019-09-0301:07:12

Ex-CIA Analyst tells why every small business is a target of nation states cybersecurity attacks

2019-08-2050:11

Security Awareness Training: Building transformational programs that actually effect change

2019-08-0653:56

Using the CIS20 security controls as a starting point for a security program (Part 2)

2019-07-1629:15

Using the CIS 20 security controls as a starting point for a security program (Part 1)

2019-07-0947:24

What exactly is cloud security? Is it any different than traditional security?

2019-07-0201:10:47

M is For Malware: A Security Consultant's Passion Project

2019-06-2533:13

HIPAA is an example of the minimum security controls organizations should implement

2019-06-1845:52

Security Awareness Training Is One of the most Effective Security Controls

2019-06-1846:42

SMB Threat Landscape - The Threats and Attacks Small and Medium Organizations Should Be Aware Of

2019-06-1838:59

00:00

Using the CIS 20 security controls as a starting point for a security program (Part 1)

#box-pro-ellipsis-176142373401778{-webkit-line-clamp:2;}Using the CIS 20 security controls as a starting point for a security program (Part 1)

Using the CIS 20 security controls as a starting point for a security program (Part 1)

CyberX

Using the CIS 20 security controls as a starting point for a security program (Part 1)