Cybersecurity Where You Are
by Center for Internet Security
April 12, 2021 8:18 pm
Cybersecurity affects us all whether we are at home, managing a company, supporting clients, or even running a state or local government. Join the Center for Internet Security’s Sean Atkinson and Tony Sager as they discuss trends and threats, ways to implement controls and infrastructure, explore best practices, and interview experts in the industry. If you are interested in learning more about how to grow your cybersecurity program, CIS and its volunteer community are here to bring clarity to these complex issues to bring Confidence in a Connected World.
Part 2 of a 2-part series
– Listen to Part 1
– CIS website
– CIS SecureSuite Tools and Resources
– CIS Benchmarks
– CIS Controls (v8 coming Spring 2021)
– CIS CSAT (CIS Controls Self Assessment Tool)
– Community Defense Model (v2 coming Spring 2021)
In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson continue their conversation on cyber defense as a risk-based process. They discuss the actions and resources that help build and implement “defensive machinery” that supports an organization’s current cyber defense plan and helps it mature.
A CISO’s First 90 days
The first step a CISO takes when starting with a new organization is to gather information and assess where they are currently in their cyber defense program.
The Importance of a Strong Foundation
An evaluation of a current security posture takes less time when best practices, such as the CIS Controls, were referenced at the time of implementation.
Know Your Lineage
It is important to document and maintain the original language back to the source prior to customization so that it can be managed downstream. A lineage answers the question, “Where did we start, where did we go?”
Mapping to Regulatory Frameworks
Understanding how to mature on a consistent basis is critical. You start with the foundational framework and then map to everything else, such as PCI, HIPAA, FedRAMP and so on.
Tools: From Spreadsheets to CIS CSAT
Most organizations ask themselves, “What can we do with what we already have?” While this could be a cost-effective and efficient way to approach a cyber defense plan, at times the existing software may not be enough to support maturity.
Share with the Group
Training your internal staff about new cyberattacks and strategies protects them and supports the integrity of your organization’s cyber defenses.
Cybersecurity is not a destination; it is a journey that requires collaboration and communication. When one benefits and shares, all can become stronger.