The second tool that can support organizations in their cybersecurity risk management efforts (and work in concert with the NIST framework) is the Center for Internet Security’s 20 Critical Controls. Those rec- ommended actions provide specific and actionable ways to stop today’s most pervasive and dangerous cyberattacks.
The listings and descriptions are valuable in ensur- ing that an organization is investigating all appropriate controls and in communicating with non-technical executives.
The first five controls are:
1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Secure configurations for hardware and software on mobile devices, laptops, workstations and servers
4. Continuous vulnerability assessment and remediation
5. Controlled use of administrative privileges
One can think of the first five controls as consti- tuting basic cybersecurity hygiene. If an organiza- tion cannot implement those basic controls, it can never secure its environment. Yet many govern- ment agencies struggle to maintain an accurate inventory of what they have on their networks and devices. The complexity factor can be exceed- ingly difficult for large organizations to manage.
It must be remembered that NIST’s Cybersecu- rity Framework and CIS’ 20 Critical Controls are tools, not solutions in and of themselves. They can provide an organization with a roadmap for conducting rigorous and regular cybersecurity enterprise risk management processes that will significantly lower an organization’s risk of cat- astrophic loss. The implementation of a robust cybersecurity enterprise risk management process, however, will always be dependent on leaders’ sustained commitment to implementing and over- seeing the process. n
ONLINE REPORT SPONSORED BY:
Special Report
THE STAYING POWER OF SEWP
TOPICS INCLUDE:
SEWP STILL LEADS THE
WAY
SEWP AT YOUR SERVICE
COLLABORATION IS KEY TO SUCCESS
THE MANY
USES FOR
ADVANCED
DATA VISUALIZATION
WITH THE
RIGHT TOOLS, BIG DATA PROVIDES GREAT INSIGHT
TO LEARN MORE, VISIT: FCW.COM/2017SEWP
August 2017 FCW.COM 41