What is a Center for Internet Security (CIS)?
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.
We are a community-driven nonprofit, responsible for the CIS Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images provide secure, on-demand, scalable computing environments in the cloud.
Applicability
CIS Benchmarks, published by the Center for Internet Security (CIS), are documented industry best practices for securely configuring IT systems, software, and networks. Currently, there are more than 140 CIS Benchmarks in total, spanning across seven core technology categories. CIS Benchmarks are developed through a unique consensus-based process involving communities of cybersecurity professionals and subject matter experts around the world, each of which continuously identifies, refines, and validates security best practices within their areas of focus.
Objective
The objectives of CIS are:
- Improve the consistency and simplify the wording of each sub-control
- Implement “one ask” per sub-control
- Bring more focus on authentication, encryption, and application whitelisting
Account for improvements in security technology and emerging security problems - Better align with other frameworks (such as the NIST CSF)
- Support the development of related products (e.g. measurements/metrics, implementation guides)
- Identify types of CIS controls (basic, foundational, and organizational)
Approach
Our approach has been covered in a 5-phase format. These include:
Phase 1: Understand Business Process
Understanding the environment and management’s expectations along with the policies and procedures.
Phase 2: Identify Risks and Controls
Identify target processes and understand the process flow, risk, information assets and controls pertaining to processes.
Phase 3: Controls Design Testing
Identify controls based of CIS controls and prepare the issue and opportunity registers, test the control design and identify deficiencies. Prepare risk mitigation plan and calculate the residual risks.
Phase 4: Controls Evaluation
Perform internal audit and identify the control weaknesses and impact of deficiencies.
Phase 5: Reporting
Why CyberSRC®?
Established in January 2018, CyberSRC Consultancy offers the full machination of cyber security services ranging from threat intelligence, VMS to general advisory services in areas pertaining to Cyber security such as vulnerability attacks, compliance, and cyber security regulations, and laws. We are into system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team which have a combined experience.