What Are The 18 CIS Critical Security Controls?

When companies struggle with what to do and how to demonstrate their Cyber Security efforts, many turns to ISO 27001 & 27002. These frameworks are excellent for showing compliance but not well-suited for prioritizing, measuring, and implementing practical IT-security initiatives. To that end, you need a consensus-based framework, such as the CIS 18 critical security controls includes detailed practical and prioritized advise on how to implement cyber security. The CIS controls include detailed instructions on what to do, how to measure, how to prioritize, and how to audit your cybersecurity posture.

1

Inventory and Control of Enterprise Assets

2

Inventory and Control of Software Assets

3

Data Protection

4

Secure Configuration of Enterprise Assets and Software

5

Account Management

6

Access Control Management

7

Continous Vulnerability Management

8

Audit Log Management

9

Email and Web Browser Protections

10

Malware Defenses

11

Data Recovery

12

Network Infrastructure Management

13

Network Monitoring and Defense

14

Security Awareness and Skills Training

15

Service Provider Management

16

Applications Software Security

17

Incident Response Management

18

Penetration Testing