Best practices consist of tactics and techniques for implementing effective cyber security measures in companies and institutions. In practice, they serve a company's management and IT staff in the decision-making process for the best cyber security implementation. Our CIS services are delivered by specialized teams experienced in threat hunting, incident response, forensic analysis and cyber security system design.
The CIS Critical Security Controls, with 20 critical controls and 171 sub-controls, are today the most scalable and most detailed set of best practices. Developed and updated since 2008, they have become synonymous with best practice.
In 2008, the US Department of Defense (DoD) asked the National Security Agency (NSA), the Center for Internet Security (CIS), the SANS Institute and several private-sector organizations to develop a framework that would help organizations and institutions identify and address security omissions.
The initial version of the CIS Controls was published in early 2009 and was evaluated by a number of specialized institutions and specialists. Final validation was done by the US State Department. As a result of implementing the security controls, the number of blocked attacks fell during 2009 and cyber vulnerabilities were reduced by over 88% across 85,000 systems belonging to the State Department.
The current version of the CIS Controls is version 7, published on 19 March 2018.
A special advantage of using the CIS control set is that it is fully mapped to security standards; in effect, it is a practical implementation of those standards. More on the website.
Mapping the CIS control set to security standards
The CIS critical control set, with its 20 controls and 171 sub-controls designed to improve cyber security, is fully mapped to security standards and provides a practical implementation in the form of:
- A security framework for the protection of SMEs and institutions
- An operational basis for the following security standards, each mapped to the CIS control set:
  - HIPAA – Health Insurance Portability and Accountability Act – security standard for the healthcare industry
  - CMMC – Cybersecurity Maturity Model Certification – security standard for the defense industry
  - PCI DSS – Payment Card Industry Data Security Standard – security standard for the payment card industry
  - ISA/IEC 62443 – security standard for industrial automation and control systems (IACS)
The control set is designed to scale to the cyber protection needs of small, medium and large companies and institutions. Research shows that only 3-5% of small, 10-12% of medium and 36-42% of large companies have implemented best practices, which leaves them exposed to threats despite the equipment at their disposal. This is precisely why ENISA (the EU cyber security agency), in its recommendations on security requirements for implementing the NIS Directive on critical infrastructure protection, emphasized the use of best practices.
Our CIS services comprise two types of subservice.
Both services contain packages tailored specifically for small, medium and large companies.