7 min
CIS Controls
The CIS Critical Security Controls Series
What are the CIS Critical Security Controls?
The Center for Internet Security (CIS) Top 20 Critical Security Controls
[https://www.rapid7.com/solutions/compliance/critical-controls/] (previously
known as the SANS Top 20 Critical Security Controls) is an industry-leading way
to answer your key security question: “How can I be prepared to stop known
attacks?” The controls transform best-in-class threat data into prioritized and
actionable ways to protect your organization from today's most common
6 min
CIS Controls
The CIS Critical Security Controls Explained - Control 4: Controlled Use of Administrative Privilege
The ultimate goal of an information security program
[https://www.rapid7.com/fundamentals/security-program-basics/] is to reduce
risk. Often, hidden risks run amok in organizations that just aren't thinking
about risk in the right way. Control 4 of the CIS Critical Security Controls
[https://rapid7.com/solutions/compliance/critical-controls/] can be contentious,
can cause bad feelings, and is sometimes hated by system administrators and
users alike. It is, however, one of the controls that can h
5 min
CIS Controls
The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Stop No. 5 on our tour of the CIS Critical Security Controls
[https://www.rapid7.com/solutions/compliance/critical-controls/] (previously
known as the SANS Top 20 Critical Security Controls) deals with Secure
Configuration for Hardware and Software on Mobile Devices, Laptops,
Workstations, and Servers. This is great timing with the announcement of the
death of SHA1. (Pro tip: don't use SHA1
[https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/]
4 min
Disaster Preparedness: It's Not Thought Of Until It Is Needed Most
...and then it might be too late.
> An update from Delta CEO Ed Bastian: pic.twitter.com/udNN0kzbKs
[https://t.co/udNN0kzbKs]
— Delta (@Delta) August 8, 2016
[https://twitter.com/Delta/status/762707065022349312]
Recently, Delta Airlines suffered a weeklong outage that, if you take it on its
face, ticks just about every box on a security person's disaster recovery
planning scenario.
Delta has given
[http://www.bizjournals.com/twincities/news/2016/08/08/delta-cancels-flights-outage-minneapolis