Center for Internet Security Releases Companion Guides

Center for Internet Security Releases Companion Guides

The Center for Internet Security (CIS) has announced the release of three new Companion Guides to the CIS Controls. 

More than 12,560 individuals and organizations have downloaded the CIS Critical Security Controls for Effective Cyber Defense Version 6.0, since their release to the public on October 15. The CIS Controls are a recommended set of actions that provide specific ways to stop today’s most pervasive and dangerous cybersecurity attacks.

“These new guides represent the ecosystem of working aids we're developing along with the CIS Controls to combat the increasing challenges and complexity of cybersecurity. Our expert panels will continue to create Companion Guides such as these to address specific challenges using the CIS Controls,” said Tony Sager, senior vice president and chief evangelist at CIS.

“The same privacy content was in the recent V. 6.0 of the CIS Controls, but since our panel of experts and I consider privacy of such paramount importance, we opted to release this information in a separate Companion Guide as well,” he added.   

The three new Companion Guides to the CIS Critical Security Controls Version 6.0 are:

Internet of Things Security Companion to the CIS Critical Security Controls V. 6.0: A proliferation of smart devices are driving increased connectivity to custom corporate intranets to the Internet, providing adversaries and hackers new access vectors to launch attacks against these important networks. This Companion Guide for the CIS Critical Security Controls outlines how the CIS Controls are directly applicable to the current and future Internet of Things (IoT) networks.

Mobile Security Companion to the CIS Critical Security Controls V. 6.0: Mobile devices are starting to replace laptops for regular business use. Organizations are building or porting their applications to mobile platforms, so users are increasingly accessing the same data with mobile as with their laptops.  Also, organizations have increasingly implemented bring your own device (BYOD) policies to manage this trend. This Companion Guide helps individuals and organizations apply the CIS Controls to tackle the problems inherent in the increased use of mobile devices.

Toward A Privacy Impact Assessment (PIA) Companion to the CIS Critical Security Controls V 6.0: An effective posture of enterprise cybersecurity need not, and indeed, should not compromise individual privacy.  Many laws, regulations, guidelines, and recommendations exist to safeguard privacy, and enterprises will, in many cases, adapt their existing policies on privacy as they apply the Center for Internet Security Critical Security Controls for Cyber Defense Version 6.0. At a minimum, use of the CIS Controls should conform to the general principles embodied in the Fair Information Practice principles (FIPs) and in Privacy by Design.

An appendix was included in the latest version of the CIS Critical Security Controls to address the importance of safeguarding privacy, and is now a stand-alone Companion Guide. It provides a framework to help organizations create a privacy impact assessment.

“Effective cybersecurity should not compromise individual privacy,” said CIS CEO Jane Holl Lute. “Every organization needs to look at their cybersecurity posture in order to assess and mitigate potential privacy risks. The new Companion Guides provide solutions for many of these challenges, including safeguarding users’ privacy configurations, patching vulnerabilities and restricting unauthorized users.”

Photo © watcharakun

Source: Information Security Magazine