
Latest Posts

Understanding and Preventing Configuration Drift

Proper management of the configuration of your infrastructure components is vital to security, compliance and business continuity. Unfortunately, configuration drift in systems and applications is common, which leaves the organization vulnerable to attack. Indeed, about 1 in 8 breaches result from errors such as misconfigured cloud environments, and security misconfiguration ranks #5 on the OWASP list of the top 10 web application security risks.

CIS Critical Security Control 18. Penetration Testing

The Center for Internet Security (CIS) provides Critical Security Controls (CIS Controls) to support the evolving field of cybersecurity. CIS Control 18 covers penetration testing (this topic was covered by Control 20 in the previous version). Penetration testing is the intentional launch of cyberattacks in order to evaluate an organization’s security.

CIS Control 17. Incident Response Management

The Center for Internet Security (CIS) offers Critical Security Controls (CSCs) that help organizations improve cybersecurity. CIS CSC 17 covers incident response and management. (In earlier versions of the CIS controls, handling of security incidents was covered in Control 19.) CIS CSC 17 focuses on how to develop a plan for responding to attacks and other security incidents, including the importance of defining clear roles for those responsible for the various tasks involved.

A Guide to CIS Control 8: Audit Log Management

CIS Control 8 in version 8 of the Center for Internet Security (CIS) Controls covers audit log management. (In version 7, this topic was covered by Control 6.) This security control details important safeguards for establishing and maintaining audit logs, including their collection, storage, time synchronization, retention and review. Two types of logs are independently configured during system implementation.

A Guide to CIS Control 10: Malware Defenses

Control 10 of CIS Critical Security Controls version 8 is focused on malware defenses. It describes safeguards to prevent or control the installation, spread and execution of malicious applications, code and scripts on enterprise assets. (In CIS version 7, this topic was covered by Control 8.) Malware, especially ransomware, has become a pressing security issue in recent years.

Is It Reasonable to Deploy a SIEM Just for Compliance?

Many organizations need to meet various compliance standards, and investing in a security information and event management (SIEM) solution can often help them reach that goal. But is it worth the cost and effort to deploy a SIEM solution solely for compliance? Or is there a way to maximize the value of your SIEM by strengthening cybersecurity as well as achieving compliance? This article will help you answer those critical questions.

CIS Control 7: Continuous Vulnerability Management

The Center for Internet Security (CIS) provides Critical Security Controls to help organizations improve cybersecurity. Control 7 addresses continuous vulnerability management (this topic was previously covered under CIS Control 3). Continuous vulnerability management is the process of identifying, prioritizing, documenting and remediating weak points in an IT environment.

CIS Control 4: Secure Configuration of Enterprise Assets & Software

Maintaining secure configurations on all your IT assets is critical for cybersecurity, compliance and business continuity. Indeed, even a single configuration error can lead to security incidents and business disruptions. Control 4 of CIS Critical Security Controls version 8 details cyber defense best practices that can help you establish and maintain proper configurations for both software and hardware assets.

CIS Control 1: Inventory and Control of Enterprise Assets

Unless you know what IT assets you have and how important each of them is to your organization, it’s almost impossible to make strategic decisions about IT security and incident response. Indeed, inventory and control of enterprise assets is so important that it is the first in the set of Critical Security Controls (CSCs) published by the Center for Internet Security (CIS).