Security risks assessment services
Perform a security risk assessment of an application, system or network project. The review is based on the CIS Top 20 controls.
The CIS CSC is a set of 20 controls (sometimes called the SANS Top 20) designed to help organizations safeguard their systems and data from known attack vectors. The 20 controls are based on the latest information about common attacks and reflect the combined knowledge of commercial forensics experts, individual penetration testers and contributors from international government agencies.
About the CIS Top 20 Controls
The Center for Internet Security established the CIS Critical Controls and Security benchmarks to help organizations like yours assess and enhance their security. The CIS Critical Controls, formerly called SANS Top 20, are built to provide highly focused and prioritized actionable defense practices against cyber attacks. As security challenges evolve, the CIS practices also advance to meet and effectively combat them.
The scope of the Top 20 CIS Critical Security Controls is a robust cybersecurity defense program that views these attacks not just as a technological challenge, but equally as a headache that affects people and processes. The CIS Controls are highly regarded in the security industry and are used across all enterprises to help increase their security posture.
The CIS benchmarks recognize that many organizations have limited resources and must prioritize their security needs. Therefore, the security controls are divided into three categories: basic, foundational, and organizational, which further supports the fact that they can be applied universally by any industry type.
Why use CIS Controls?
The CIS Controls are designed from the combined knowledge of experts across different industries and sectors who have come together to identify, create, promote, validate and sustain the best practices in cybersecurity. These individuals pool their firsthand knowledge, gained by actually combating past cyber attacks.
Therefore, this community presents your business not only with excellent practices but also with effective techniques that have been tried, tested and optimized to prevent, track or combat attacks, regardless of their severity. CIS is a not-for-profit organization that was created to serve your security needs actively. It is a community designed to prevent, alert and respond to all cyberattacks hounding our world today.
Overview of CIS controls Version 7
CSC 1: Inventory and Control of Hardware Assets
CSC 2: Inventory and Control of Software Assets
CSC 3: Continuous Vulnerability Management
CSC 4: Controlled Use of Administrative Privileges
CSC 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capabilities
CSC 11: Secure Configurations for Network Devices, such as Firewalls, Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Implement a Security Awareness and Training Program
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises
Because there is no one-size-fits-all solution, the CIS controls are meant to be used as a stepping stone to finding what is critical to your business, systems, networks and infrastructure, so that you can implement the appropriate cybersecurity model that reduces the risk of exposure and mitigates the severity of most attacks.
Let our experts provide an optimum assessment of your security program and defenses using the latest CIS Top 20 Security controls.
Establish Priorities
Complying with CIS security controls and benchmarks is not only a legal requirement but also provides your organization with a secure and faster recovery platform against cyber intrusions.
However, we understand that every business is unique and different, especially concerning its security priorities. We will help you establish baseline information security measures and controls. Let us help your enterprise achieve compliance using our CIS assessments.
Professional Assistance
Although complying with CIS standards can seem a challenge, your business can achieve maximum compliance by using a well-defined approach. By prioritizing your security protocols, needs, and objectives, our consultants can help you integrate the best practices to fill in the gaps in your defense system and combat both common and damaging cyber attacks.
Rigorous Technical and Standard-Based Assessment
Because we are an independent body of experts, we can thoroughly assess your security program from an objective point of view. Auditors also prefer assessment results from third-party experts like us, because we provide unbiased results geared towards ensuring all-around coverage of your security platform.
Extensive Reporting
We understand that your auditors require simplified yet comprehensive reports of your security program. We not only thoroughly assess your system but also correctly document all common and advanced security issues in a streamlined and familiar format for easy evaluation and implementation of the right actions.
Operate Confidently
By critically assessing all applications, hardware and information systems, we help you find the appropriate solutions against risks and vulnerabilities in your system. Our goal is to provide you with a website that is optimally secure and ready.
We at Lean Security are confident in our work and, through our team of IT risk management, compliance, and integration experts, will ensure that your company’s security system is CIS compliant.
We address your business’s security vulnerabilities and provide you with the best secure platform, so you can confidently run your business, protected from all threats. Call us today!