The Center for Internet Security (CIS) has created a comprehensive security framework – the Critical Security Controls (CSC) for Effective Cyber Defense – that provides organizations with a prioritized, highly focused set of actions that are implementable, usable, scalable, and compliant with global industry & government security requirements.
The CSC are developed, refined, and validated by a community of leading experts from around the world.
Unlike other security standards, such as PCI-DSS and ISO 27k, which focus on organizational controls, the CIS controls are pragmatic and operational, and were designed to be automated. This allows enterprises to reduce the burden on security teams and to define a framework that is easy to understand and implement.
According to CIS, organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent.
In a world full of compliance, best practices and security advice, the CIS sets important milestones. These milestones help explain and report risk indicators to the C-level and get budget buy-in.
In this whitepaper, we describe the top 5 CIS controls and show how Elastic Detector (ED) and Elastic Workload Protector (EWP) make the implementation straightforward. After this first milestone, we show how to raise the bar to 94%.