Cybersecurity Where You Are


Cybersecurity affects us all whether we are at home, managing a company, supporting clients, or even running a state or local government. Join the Center for Internet Security’s Sean Atkinson and Tony Sager as they discuss trends and threats, ways to implement controls and infrastructure, explore best practices, and interview experts in the industry. If you are interested in learning more about how to grow your cybersecurity program, CIS and its volunteer community are here to bring clarity to these complex issues to bring Confidence in a Connected World.

Part 2 of a 2-part series

Episode Resources:

– Listen to Part 1
– CIS website
– CIS SecureSuite Tools and Resources
– CIS Benchmarks
– CIS Controls (v8 coming Spring 2021)
– CIS CSAT (CIS Controls Self Assessment Tool)
– Community Defense Model (v2 coming Spring 2021)

In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson continue their conversation on cyber defense as a risk-based process. They discuss the actions and resources that help build and implement “defensive machinery” that supports an organization’s current cyber defense plan and helps it mature.

A CISO’s First 90 days

The first step a CISO takes when starting with a new organization is to gather information and assess where the organization currently stands in its cyber defense program.

The Importance of a Strong Foundation

An evaluation of the current security posture takes less time when best practices, such as the CIS Controls, were referenced at the time of implementation.

Know Your Lineage

It is important to document and maintain the original language, traced back to its source, prior to customization so that it can be managed downstream. A lineage answers the question, “Where did we start, where did we go?”

Mapping to Regulatory Frameworks

Understanding how to mature on a consistent basis is critical. You start with the foundational framework and then map to everything else, such as PCI, HIPAA, FedRAMP and so on.

Tools: From Spreadsheets to CIS CSAT

Most organizations ask themselves, “What can we do with what we already have?” While this can be a cost-effective and efficient way to approach a cyber defense plan, at times the existing software may not be enough to support maturity.

Share with the Group

Training your internal staff about new cyberattacks and strategies protects them and supports the integrity of your organization’s cyber defenses.

Cybersecurity is not a destination; it is a journey that requires collaboration and communication. When one benefits and shares, all can become stronger.
