CIS Critical Security Controls: What are they and how should you use them?


Cybersecurity is an extensive field, and to many people working in information security it may seem that the job can never be “completed”, but this no longer has to be the case.

Regardless of budget, it may seem impossible for many organizations to protect themselves completely against every attack vector, and managing cyber risk can be challenging. Of course, most organizations have security budgets that are far from limitless. How should an organization line up its limited security resources for better protection against cyberattacks?

This is where the CIS controls come in, also known as the 20 main CIS security controls.

What are CIS security controls?

CIS controls were created to answer a simple question, “What must a typical organization do to defend against known attacks?”

The controls are a set of 20 best-practice measures that organizations can take to protect against cyberattacks. By focusing on a few highly efficient controls, organizations can drastically reduce cyber risk without breaking their budget.

CIS controls are effective for most organizations because they focus on the most common attack vectors (the ones with the highest risks). These main threats are identified by some of the most reliable reports in the industry, such as Verizon's annual Data Breach Investigations Report, and checked by a wide spectrum of cybersecurity experts.

Instead of individual organizations having to interpret and act on these trends by themselves, the CIS controls provide a guide of actionable best practices on how to protect against recent threats. Each year, the controls are updated to reflect most of the important current threats.

Using CIS controls for security and compliance

The advantages of the CIS security controls are obvious. The controls represent the path of least resistance to protecting against the most common cyber threats. Nevertheless, the controls also have a great benefit for any organization that must comply with an industry framework. Why? Because most, if not all, of the main compliance frameworks are closely aligned with the CIS controls, as well as the CIS reference points.

As a result, aligning with CIS resources can be considered a top priority for any organization that needs to minimize cyber risk while maintaining compliance.