
CIS RAM v1.0 Puts the CIS Controls into Action

Risk assessments are a valuable tool for gaining insight into your organization’s security posture. They allow you to identify potential security threats to the organization and set a plan of action before disaster strikes, ensuring better business continuity. Whether it’s an earthquake, a power grid failure, or a DDoS attack, preparation is key to facing threats with a strategic approach – and a risk assessment is a good first step to understanding the threats an organization faces.

CIS® recently released CIS RAM v1.0 (Center for Internet Security Risk Assessment Method). CIS RAM v1.0 is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment. Each industry and organization faces a combination of unique and shared cyber threats – CIS RAM helps model a reasonable use of the CIS Controls to address the risks present in any environment.

Security designed for every level

Developed by HALOCK Security Labs in partnership with CIS, CIS RAM provides three separate security approaches to support different levels of organizational capability.

  • New to risk analysis? You can use CIS RAM’s instructions for modeling foreseeable threats against the CIS Controls as your organization applies them.
  • Experienced with cybersecurity? Follow instructions for modeling threats against information assets to determine how the CIS Controls should be configured to protect them.
  • Cyber risk expert? Use CIS RAM’s instructions for analyzing risks based on “attack paths” using CIS’ Community Attack Model.

Combine with other risk assessments

There are multiple risk assessment standards in the cybersecurity world, yet CIS RAM is the first to provide very specific instructions for analyzing information security risk in a way that regulators define as “reasonable” and judges evaluate as “due care.” CIS RAM highlights the balance between the harm a security incident might cause and the burden of safeguards – the foundation of “reasonableness.”

CIS RAM conforms to established information security risk assessment standards, such as ISO 27005, NIST SP 800-30, OCTAVE, and RISK IT. CIS RAM supplements these popular standards by providing detailed instructions and templates for quickly designing and implementing an information security risk assessment.

Getting started

CIS RAM is free to use for anyone looking to improve their own cybersecurity. New users are typically able to design their risk assessment within the first day of following the CIS RAM instructions.