
Saturday, October 17, 2015

CIS Critical Security Controls - Version 6.0

I recently posted the below on the SANS Internet Storm Center.



Right in the middle of Cyber Security Awareness Month (CSAM), the Center for Internet Security (CIS) released Version 6.0 of the CIS Critical Security Controls for Effective Cyber Defense. This update incorporates significant changes that represent the latest technologies and threats faced by information security professionals. The most notable changes to the CIS Critical Security Controls are listed below and discussed at length in the archived webcast.

  • A new Control for Email and Web Browser Protections
  • Deletion of the Control on Secure Network Engineering
  • Reordering of the Controls to make Controlled Use of Administration Privileges higher in priority

I believe this update positions the CIS Critical Security Controls to remain both an actionable and relevant framework to build and sustain an effective cyber security program. Implementing them has been the catalyst to many organizations demonstrably increasing their cyber security posture. With intentional planning and focus, you can too. The following are several steps you can take right now to start or continue on your journey.


What will you do differently at your organization as a result of this update? Use the comments field to share your feedback!

Russell Eubanks
