Technology Brief

A Quick Look into the Center for Internet Security (CIS) Controls Cybersecurity Framework

It’s shouldn’t come as a surprise that the exhaustive list of cybersecurity breaches over the last decade is quite extensive. CSO.com recently reported that 3.5 billion personal records were exposed from just the top two breaches in recent history. The diversified totality of industries hit is evidence that threat actors are target agnostic.

With economists now placing the value of data above that of oil – are enterprises getting any better at protecting their most valuable asset from cyber-attacks? The consensus between industry experts is a resounding “no.” The reality is when breaches happen, enterprises loose money. While the age of cloud computing has lead to advances in IoT devices, SaaS, and the ability to work remotely from anywhere, these advancements come paired with a larger attack surface for threat actors across the enterprise.

RavenTek has looked to the Center for Internet Security (CIS) Controls 3 as a framework to help build, strengthen and maintain a strong cybersecurity posture for our customers. The CIS provides a framework for organizations to improve their security posture while also creating a culture of compliance. At the end of the day, no single tool will a substitute for action. The controls are only as good as the people and resources implementing them and the culture of the organization trying to implement them.

This summary of the CIS framework was prepared to help IT leaders and security teams gain visibility throughout their enterprise technology stack. Our methodology allows for a more sophisticated and refined understanding of what IT leaders are “looking for” versus what they are “looking at” which leads to a more conscientious approach in their decision-making process.