The annual RSA Conference has become a rite of passage for cybersecurity professionals of all stripes. More than 45,000 people attended this year’s event which explored the human element of cybersecurity. Several CIS team members traveled to San Francisco to take part in the conference and present on topics including cyber hygiene and securing election technology. CIS was also recognized for our election security efforts. Keep reading to catch up on all of the CIS highlights from RSA Conference 2020.

Election Security Partner of the Year

Microsoft named CIS “Election Security Partner of the Year” at the 20/20 gala event. CIS is honored to be recognized for our best practices approach to securing election infrastructure. CIS helps election officials secure elections from the start by mapping and applying our globally recognized organizational cybersecurity best practices, the CIS Controls, to the unique nature of election security.. These customized best practices have been developed into guides and tools that support election officials and our election security partners, like Microsoft.

Cyber hygiene takes center stage

We are in a multi-framework era where organizations have to comply with multiple cybersecurity policy, regulatory and legal frameworks to achieve compliant cybersecurity. As more public services are offered digitally the need for aligning with a single recognized authority on cybersecurity best practices is critical. Many of the existing frameworks tell organizations “what to do” to achieve cybersecurity compliance. The CIS Controls complement these frameworks by helping organizations understand “how to do it”. They are the definition of an effective cybersecurity program. The CIS Controls break down cybersecurity actions into scalable achievable steps identified as Implementation Groups (IG). IG1 is the definition of cyber hygiene and represents a standard of duty of care for organizations. These are steps that any organization can take and feel confident that they’re protected from most known cybersecurity threats.

 

Connecting with the CIS Community

One of our favorite parts of RSA 2020 was connecting with CIS’s global cybersecurity network. We met with CIS SecureSuite Members to learn how they’re leveraging the resources for enhanced cyber defenses. We discussed cloud security challenges with our CIS Hardened Images users. Our team also connected with some of the amazing volunteer contributors who help develop security best practices through CIS’s communities.

Cybersecurity moves beyond the ballot box

Protecting elections infrastructure is essential to securing democracy. Senior Director for Election Security, Aaron Wilson, presented on how consensus-developed best practices from CIS are being used to secure and verify America’s internet-connected election technology. There is currently no standard process for verifying non-voting election technology. Many states do not have a framework available from which to develop a verification process. Those that do, often have processes that are manual, slower, less flexible, and more costly than desired. This type of verification process often serves as a disincentive for product change and innovation, resulting in information systems running outdated and unpatched software. The CIS Rapid Architecture-Based Election Technology Verification (RABET-V) process helps election officials evaluate non-voting election technology systems to determine whether the systems they’re considering purchasing meet the security specifications they set. It’s a flexible, risk-based, and cost-effective election system verification process that will expedite testing of system changes while continuing to provide assurances of reliability, robustness, confidentiality, integrity, and availability.

View presentation

Collaboration meets cyber defense techniques

Cybersecurity is a challenge that must be solved collectively – by sharing resources to help secure critical systems from today’s threats. The CIS team was honored to present, be recognized, and connect with our community at RSA Conference 2020. We can’t wait to see what the next year in cyber security holds.