7 min
CIS Controls
8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization
Eight practical steps to help you implement key controls into your organization. Get started now!
4 min
Penetration Testing
CIS Critical Security Control 20: Measure Your Security Standing with Penetration Tests and Red Team Exercises
Protecting yourself from threats requires consistently asking yourself whether your security program is working as designed. Critical Control 20 covers pen tests and Red Team exercises.
3 min
CIS Controls
CIS Critical Security Control 19: Steps for Crafting an Efficient Incident Response and Management Strategy
An effective incident response plan helps you quickly discover attacks, contain the damage, eradicate the attacker's presence, and restore the integrity of your network and systems.
5 min
CIS Controls
CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security
Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.
4 min
CIS Controls
CIS Critical Security Control 17: Some Assembly Required for Your Security Awareness and Training Program
Developing a new security program but neglecting to train your employees on it is like shipping out this year’s hottest product but forgetting to stash the instruction manual in the box. The key principle behind CIS Critical Control 17 is implementing a security awareness and training program.
3 min
CIS Controls
Critical Control 16: Account Monitoring and Control
This is a continuation of our CIS critical security controls blog series, which
provides educational information regarding the control of focus as well as tips
and tricks for consideration. See why SANS listed Rapid7 as the top solution
provider addressing the CIS top 20 controls
[https://www.rapid7.com/solutions/compliance/critical-controls/].
What is CIS Critical Control 16?
In the world of InfoSec, the sexy stuff gets all the attention. Everybody wants
the latest and greatest next-gen produc
3 min
CIS Controls
CIS Critical Security Control 15 Explained: Wireless Access Control – Are You Really Managing Your WiFi?
This is a continuation of our CIS critical security controls blog series
[/2017/04/19/the-cis-critical-security-controls-series/]. See why SANS listed
Rapid7 as the top solution provider addressing the CIS top 20 controls
[https://www.rapid7.com/solutions/compliance/critical-controls/].
Decades ago, your network was a collection of routers, firewalls, switches, wall
ports, and what seemed like a million miles of cable. The only way for your
employees and guests to access it was to be seated nea
5 min
CIS Controls
CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know
This is a continuation of our CIS critical security controls blog series
[/2017/04/19/the-cis-critical-security-controls-series]. See why SANS listed
Rapid7 as the top solution provider addressing the CIS top 20 controls.
Let’s start with some simple, yet often unasked questions. Do you know what
critical assets—information and data, applications, hardware, SCADA systems,
etc.—exist in your organization’s network? Do you have a data classification
policy? Who defines the criticality of systems
3 min
CIS Controls
CIS Critical Security Control 13: Data Protection Explained
This is a continuation of our CIS critical security controls blog series
[/2017/04/19/the-cis-critical-security-controls-series].
Data protection is one of the cornerstones of a solid security program, and it
is a critical function of the CIA Triad of Confidentiality, Integrity, and
Availability. Data protection, as characterized by Critical Control 13, is
essentially secure data management. What do we mean by that?
What is CIS Critical Security Control 13?
Secure data management encompasses c
4 min
CIS Controls
CIS Critical Control 12: Boundary Defense Explained
This blog is a continuation of our blog series on the CIS Critical Controls
[/2017/04/19/the-cis-critical-security-controls-series/].
Key Principle: Detect/prevent/correct the flow of information transferring
networks of different trust levels with a focus on security-damaging data.
What Is It?
Boundary defense is control 12
[https://www.cisecurity.org/controls/boundary-defense/] of the CIS Critical
Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] and is
part of the ne
6 min
CIS Controls
CIS Critical Control 11: Secure Configurations for Network Devices
This blog is a continuation of our blog series on the CIS Critical Controls
[/2017/04/19/the-cis-critical-security-controls-series/].
We’ve now passed the halfway point in the CIS Critical Security Controls
[https://www.rapid7.com/fundamentals/cis-critical-security-controls/]. The 11th
deals with Secure Configurations for Network Devices. When we say network
devices, we’re referring to firewalls, routers, switches, and network IDS
[https://en.wikipedia.org/wiki/Intrusion_detection_system] setup
4 min
CIS Controls
CIS Critical Control 10: Data Recovery Capability
We hope you enjoyed your stop at Center for Internet Security (CIS) Critical
Control 9: Limitation and Control of Network Ports, Protocols, and Services
[/2018/03/05/cis-critical-control-9-limitation-and-control-of-ports-protocols-and-services/]!
If you missed the previous stops on this journey, please check out our full
blog series on the CIS Top 20 Critical Controls
[/2017/04/19/the-cis-critical-security-controls-series/]; each blog provides
educational information regarding the control of focus
4 min
CIS Controls
CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services
This is a continuation of our CIS Critical Control blog series. Need help
addressing these controls? See why SANS listed Rapid7 as the top solution
provider addressing the CIS top 20 controls
[https://www.rapid7.com/solutions/compliance/critical-controls/].
If you’ve ever driven on a major metropolitan highway system, you’ve seen it:
The flow of traffic is completely engineered. Routes are optimized to allow
travelers to reach their destinations as quickly as possible. Traffic laws
speci
6 min
Malware
The CIS Critical Controls Explained - Control 8: Malware Defenses
This is a continuation of our CIS critical security controls
[/2017/04/19/the-cis-critical-security-controls-series] blog series.
Workstations form the biggest threat surface in any organization. The CIS
Critical Security Controls
[https://www.rapid7.com/fundamentals/cis-critical-security-controls/] include
workstation and user-focused endpoint security in several of the controls, but
Control 8 (Malware Defenses) is the only control to strictly focus on antivirus
and malware across the organiza
5 min
CIS Controls
The CIS Critical Controls Explained - Control 7: Email and Web browser protection
This blog is a continuation of our blog post series around the CIS Critical
Controls
[https://www.rapid7.com/blog/post/2017/04/19/the-cis-critical-security-controls-series/].
The biggest threat surface in any organization is its workstations. This is the
reason so many of the CIS Critical Security Controls
[https://www.rapid7.com/fundamentals/cis-critical-security-controls/] relate to
workstation and user-focused endpoint security. It is also the reason that
workstation security is a multibill