Center for Internet Security & California Attorney General Staff Offer Cybersecurity Guidance to Small Businesses

October 10, 2016

Arlington, VA

The Center for Internet Security (CIS) partnered with California Attorney General Kamala Harris’ staff to present a series of cybersecurity briefings around Sacramento, Calif., last month. The briefings were offered to small businesses to help them defend against cyber attacks, and to encourage them to follow the recommendations in the Attorney General’s California Data Breach Report released in February.

In addition to the small-business presentations, Tony Sager, CIS Senior Vice President and Chief Evangelist, and Philippe Langlois, CIS Controls Technical Program Manager, presented at “Cyber Security Symposium 2016: Securing the Public Trust” at the Sacramento Convention Center on September 28-29.

The CIS presentations focused on practical guidance for implementing the CIS Critical Security Controls™.

“We were grateful to have CIS here to support these events and to help organizations better understand the CIS Controls and the importance of protecting other people’s information entrusted to them,” said Joanne McNabb, Director of Privacy Education & Policy in the Office of the Attorney General at the California Department of Justice.

Attorney General Harris’ February 2016 report concluded that the CIS Critical Security Controls represent “a minimum level of information security that all organizations that collect or maintain personal information should meet.”

“We would not be surprised to see other state governments follow California’s lead in providing cybersecurity best practices to businesses,” said Sager.

CIS Controls Background

On Sept. 21, 2016, CIS released its Critical Security Controls (CIS Controls) Version 6.1 plus two other cybersecurity reference documents: Practical Guidance for Implementing the Critical Security Controls and Executive Summary of the Critical Security Controls.

CIS Controls are used around the world to provide a solid cybersecurity foundation in the form of specific and actionable recommendations to improve an organization’s cyber defense. They remain free for use within end-user organizations. As of Sept. 9, 2016, there have been 48,646 downloads of Version 6.0 of the CIS Controls, in addition to tens of thousands of downloads of prior versions.

About the Center for Internet Security

The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more, visit and follow us on Twitter: @CISecurity.