Ride the Lightning

New CIS Cybersecurity Guide for Small and Medium Businesses

October 5, 2017

The Center for Internet Security (CIS) recently published CIS Controls: Implementation Guide for Small- and Medium-Sized Enterprises (SMEs). This guide contains a small sub-set of the CIS Controls specifically selected to help protect SMEs.

The guide seeks to empower the owners of small and medium-sized enterprises to help them protect their businesses with a small number of high priority actions based on the CIS Controls – a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.

The CIS Controls discussed include:

• Inventory of Authorized and Unauthorized Devices
• Inventory of Authorized and Unauthorized Software
• Secure Configurations for Hardware and Software
• Continuous Vulnerability Assessment and Remediation
• Controlled Use of Administrative Privileges
• Security Skills Assessment and Appropriate Training to Fill Gaps

The guide is only 15 pages – well worth reading in conjunction with the NIST Cybersecurity Framework (covers businesses with up to 500 users) – and it mentions a number of free and low-priced tools.

Hat tip to Dave Ries, as ever.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson