NIST Special Publication (SP) 800-53 defines the best practices for implementing secure information systems to protect sensitive data. Originally published in 2005 to assist government agencies with FISMA (Federal Information Security Modernization Act), the publication has gone through several revisions over the years, and its language today can be applied to any organization that wants… (more) NIST SP 800-53 Compliance Checklist
There are multiple cybersecurity frameworks that organizations can use to improve their security posture. Perhaps the two most trusted sources for providing these standards are the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST). Yet, despite the abundance of trusted frameworks, organizations still face the proverbial Goldilocks dilemma. On… (more) CIS Vs. NIST: Side-by-Side Comparison
Cybersecurity is one of the most important aspects of running a business in the 21st century. In today’s digital world, businesses are increasingly reliant on technology, which makes them more vulnerable to cyberattacks. A cyberattack can have serious consequences for a business, including financial loss, reputational damage, and even legal liability. That’s why it’s so… (more) The Ultimate Manual to the Vulnerability Management Process
The CIS Controls serve a single purpose: to identify the most common and important cyberattacks in the real world that affect enterprises and then translate the knowledge and experience into constructive action for business leaders. Created by the Center for Internet Security (CIS), these benchmarks have since matured into an internal community of dedicated volunteer… (more) CIS Controls V8 Vs. CIS Top 20 Critical Security Controls
Enterprise hardware and software assets come with default settings for easy use and quick deployment. However, these default configurations introduce security risks to the organization’s network. For example, open ports, unnecessary applications, and services provide hackers with potential attack vectors. Creating configuration standards from scratch is a tough sell for most organizations. So instead, they… (more) STIG Vs. CIS: Side-by-Side Comparison
If you are having trouble deciding on the best practices to use in your company’s cybersecurity defense, making use of CIS Controls is a good place to start. Deploying CIS Controls helps to reduce the risk of a hacker completing a successful cyberattack against your business. We’ll walk through the steps you can take to… (more) How to Use the CIS Controls Framework for Your Business
Businesses today have access to advanced technologies that facilitate remote work, automate routine processes, and streamline operations. But adopting these new technologies also increases complexity. Add multiple vendors, delivery models, processes, and lots of data to the mix and we have a highly complicated system in our hands. The issue here is with great complexity… (more) The Ultimate Manual To Cybersecurity Governance
The rules for HIPAA (Health Insurance Portability and Accountability Act) are very clear. If you collect and use PHI (Protected Health Information) from your patients or from healthcare providers’ patients, you must protect this information. You must follow the HIPAA security policies. Although the rule itself is straightforward, the methods you should employ to protect… (more) HIPAA Security Policy Templates
With most things in life, practice makes perfect. Practice gives you the opportunity to make mistakes in a controlled, safe environment, so you can learn from them and make adjustments when facing the real thing. With your business’s cybersecurity, perfection in protection is the only option. You have to prepare for any scenario because you… (more) Cybersecurity Tabletop Exercise Examples
The Center of Internet Security (CIS) comprises cybersecurity professionals and experts from around the world who identify, validate, and promote cyber defense security practices. The CIS has developed various international hardening standards and benchmarks that provide insight into improving your cybersecurity controls. Its hardening guidelines are a part of CIS’s mission to bring physical protection… (more) The Ultimate Manual to CIS Hardening Guidelines