Monday, August 21, 2023

CIS - Benchmark

The CIS Benchmark, developed by the Center for Internet Security (CIS), is a set of best practices and guidelines designed to help organizations secure their systems, networks, and software applications. CIS is a nonprofit organization that focuses on improving cybersecurity readiness and response across various industries and sectors. (You have to pay to become a member :))

CIS Benchmarks provide specific configuration recommendations for various technology products, such as operating systems, databases, web servers, network devices and more. These recommendations are derived from a consensus of cybersecurity experts and are intended to enhance the security posture of an organization's IT environment.

The benchmarks outline security controls and settings that should be implemented to mitigate common security vulnerabilities and threats. These controls are often based on industry standards and regulatory requirements. The guidelines are typically organized into different sections, each addressing specific security areas, such as authentication, access control, logging, and encryption.

CIS Benchmarks are valuable resources for organizations looking to harden their IT systems against cyberattacks and unauthorized access. By following the recommendations in the benchmarks, organizations can reduce the risk of security breaches and data leaks. It's important to note that while the benchmarks provide a strong starting point for security configuration, they may need to be adapted to fit an organization's specific needs and use cases.

CIS releases benchmarks for a wide range of technologies and platforms, and they are regularly updated to stay current with emerging threats and evolving technology landscapes. These benchmarks are widely used across industries as a foundation for implementing strong cybersecurity practices and are considered a valuable resource for both IT professionals and security practitioners.

Link: https://www.cisecurity.org/cis-benchmarks

The organization also provides CIS Hardened Images, which are pre-configured to meet the recommendations of the corresponding CIS Benchmark.

https://www.cisecurity.org/cis-hardened-image-list

Also, register at https://workbench.cisecurity.org/ to get more details on the benchmark guides.

CIS also publishes a standard for evaluating an organization's security controls; at the time of writing, version 8 has been published.

The evaluation of controls mainly revolves around the areas listed below.

1. Asset Management

2. Data Management

3. Secure Configurations

4. Account and Access Control Management

5. Vulnerability Management

6. Log Management

7. Malware Defense

8. Data Recovery

9. Security Training

10. Incident Response

The security landscape keeps changing, and so do an organization's needs, so verify each recommendation and apply it as your own requirements dictate.
