Whereas many standards and compliance regulations aimed at improving overall security, CIS Controls can be narrow in focus by being industry-specific, the CIS CSC was created by experts across numerous government agencies and industry leaders to be industry-agnostic and universally applicable.
The CIS Controls are informed by actual attacks and effective defenses and reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, individuals); with every role (threat responders and analysts, technologists, vulnerability-finders, tool makers, solution providers, defenders, users, policy-makers, auditors, etc.); and within many sectors (government, power, defense, finance, transportation, academia, consulting, security, IT) who have banded together to create, adopt, and support the Controls. Top experts from organizations pooled their extensive first-hand knowledge from defending against actual cyber-attacks to evolve the consensus list of Controls, representing the best defensive techniques to prevent or track them. This ensures that the CIS Controls are the most effective and specific set of technical measures available to detect, prevent, respond, and mitigate damage from the most common to the most advanced of those attacks.
The CIS Controls are not limited to blocking the initial compromise of systems, but also address detecting already-compromised machines and preventing or disrupting attackers’ follow-on actions. The defenses identified through these Controls deal with reducing the initial attack surface by hardening device configurations, identifying compromised machines to address long-term threats inside an organization’s network, disrupting attackers’ command-and-control of implanted malicious code, and establishing an adaptive, continuous defense, and response capability that can be maintained and improved.
LoginRadius looking to improve it’s security posture and harden the defenses against the attack vectors an organization is most likely to encounter, the CIS Critical Security Controls are a great starting point to reduce the risk of exposure and mitigate the severity of most of the attack types.