CIS Controls Version 8 Released

On May 18, 2020, the Center for Internet Security (CIS) released Version 8 of its CIS Controls. Formerly the SANS Critical Controls (SANS Top 20) and the CIS Critical Security Controls, the consolidated Controls are now officially called the CIS Controls.

Version 8 combines and consolidates CIS Controls by activities rather than by who manages the devices. CIS intends the new version to better address some significant developments in IT and cybersecurity over the past several years, including the movement to cloud solutions, increased mobility, and normalization of remote work.

The Center for Internet Security has also updated its set of safeguards for warding off the five most common types of attacks facing enterprise networks—web-application hacking, insider and privilege misuse, malware, ransomware, and targeted intrusions. 

In issuing its CIS Controls V8 this month, the organization sought to present practical and specific actions businesses can take to protect their networks and data. These range from making an inventory of enterprise assets to account management to auditing logs. The number of controls has also been decreased from 20 to 18.

18 CIS Controls

  1. Inventory and Control of Enterprise Assets: Actively manage all enterprise assets connected to the infrastructure. This also supports identifying unauthorized and unmanaged assets to remove or remediate.

  2. Inventory and Control of Software Assets: Actively manage all software on the network. Only authorized software is installed and can execute.  

  3. Data Protection: Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.

  4. Secure Configuration of Enterprise Assets and Software: Establish and maintain secure configuration of enterprise assets and software.

  5. Account Management: Use processes and tools to assign and manage authorization of credentials for user accounts to enterprise assets and software.

  6. Access Control Management: Use processes and tools to create, assign, manage, and revoke access credentials and privileges for users, administrators, and service accounts for enterprise assets and software.

  7. Continuous Vulnerability Management: Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise's infrastructure to remediate and minimize the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.

  8. Audit Log Management: Collect, alert, and retain audit logs of events that could help detect, understand, or recover from an attack. 

  9. Email and Web Browser Protections: Improve protections and detections of threats from email and web vectors.

  10. Malware Defenses: Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.

  11. Data Recovery: Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.

  12. Network Infrastructure Management: Establish, implement, and actively manage network devices to prevent attackers from exploiting vulnerabilities.

  13. Network Monitoring and Defense: Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.

  14. Security Awareness and Skills Training: Establish and maintain a security awareness program to influence behaviour among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.

  15. Service Provider Management: Develop a process to evaluate service providers who hold sensitive data or are responsible for an enterprise’s critical IT platforms or processes to ensure these providers are protecting those platforms and data appropriately.

  16. Application Software Security: Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect and remediate security weaknesses before they can impact the enterprise.

  17. Incident Response Management: Establish a program to develop and maintain an incident response capability to prepare, detect, and quickly respond to an attack.

  18. Penetration Testing: Test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls and simulating the objectives and actions of an attacker.

Leading Cybersecurity Threats in 2021

The new cybersecurity threats emerging in 2021 can be addressed if an organization adopts a CIS cybersecurity posture.

The reorganization of the CIS security posture emphasizes data protection, whether on premises, in the cloud, or hosted by a third party. Because ransomware was the major trend in 2020, updated CIS Controls such as Audit Log Management, Continuous Vulnerability Management, and Data Protection (network segmentation of sensitive data), together with LCM engagement processes, directly address these critical issues.

  1. Remote Workforce

    Potential vulnerabilities have increased because of Remote Desktop Protocol (RDP) software, remote access security, reliance on third-party IT service providers, and digital communication as the primary venue to share information.

  2. Uncovered Technology Errors & Omissions (E&O)

    Many organizations have accelerated their digital transformations because of COVID-19. This acceleration represents a new E&O exposure.

  3. Breach Regulations

    The regulatory environment continues to grow, and recent fines demonstrate that organizations should be mindful of the impact of a breach. Continued evolution in this space could bring larger financial concerns from a fines and penalties standpoint.

  4. Cyber Extortion

    Ransomware attacks have evolved to now include the threat of exposure of sensitive data on the public Internet. These attacks can result in corporate downtime as well as potential liability consequences in terms of regulatory fines or third-party lawsuits.

  5. Vendor Risk

    Due to growing needs, businesses have had to rely on third-party technology and back-end applications. This reliance on technology suppliers may add risks that impact the cybersecurity posture, as demonstrated by the recent SolarWinds compromise.

Developing A Cybersecurity Business Plan

LCM can help clients assess their environment using the updated CIS controls and develop a cybersecurity Business Plan based on the assessment results.

The most difficult task in implementing an effective security program in any organization is determining how to spend the necessary funds most effectively and then measure the effectiveness of that spending. By adopting the cybersecurity Business Plan, the customer will agree on an acceptable risk score. The business and Information Technology Management will agree on budgets and remediation plans that align with the risk score. The success of the cybersecurity Business Plan can then be measured against budgets and effectiveness.

Further, the cybersecurity Business Plan will demonstrate to all concerned internal, regulatory, compliance and external parties that a plan is in place and the customer is following and committed to the plan. 

About LCM

LCM Security, Inc. was founded in 2001 solely to provide advanced network security solutions that enable organizations to better leverage and control the costs associated with acquiring and managing security infrastructures.

LCM Security specializes in security assessments, technologies, implementations, and management. The LCM Security managed security services team comprises certified engineers with particular expertise in network and communication security. LCM's approach is to work effectively and professionally alongside an organization's IT staff.

LCM's focus is on providing the expertise and technologies necessary to secure an organization's intellectual property and ensure the internet positively impacts productivity and customer relations. Simply stated, LCM Security allows our customers to secure their environment with maximum effectiveness by mitigating the potential risks.

Contact LCM today and get started on your cybersecurity plan. 

 
