October is Cybersecurity Awareness Month: Do Your Part, Be Cyber Smart
For 18 years, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) have teamed up to promote Cybersecurity Awareness Month in the United States.
The goal is to raise awareness about the importance of cybersecurity, and to ensure that all of us – at home and at work – have the resources we need to be safer and more secure online. That objective aligns perfectly with our mission here at CIS: Creating Confidence in the Connected World.
Here are a few ways we go about helping all enterprises, including private organizations and U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and individuals do exactly that.
Best Practice Solutions
Every day, CIS supports our members as they navigate the constantly evolving challenges that come with securing their organizations and protecting their stakeholders.
In May, we announced the launch of CIS Critical Security Controls (CIS Controls) v8. This updated version of the CIS Controls – developed in collaboration with a global volunteer community of cybersecurity experts – is designed to enhance an organization's ability to keep up with modern systems and software, including cloud and mobile technologies. The 18 top-level CIS Controls contain 153 Safeguards that provide a prioritized path to improving an enterprise’s cybersecurity posture.
We recently published the CIS Controls v8 Mobile Companion Guide addressing the security challenges that arise from using mobile devices in the enterprise. It highlights the applicability of the CIS Controls, as well as considerations for securely deploying devices like smartphones and tablets in a full range of environments, including: unmanaged; fully managed; bring your own device (BYOD); and corporate-owned, personally enabled (COPE).
In late September, we released our CIS Community Defense Model (CDM) v2.0. It takes the best practices in the CIS Controls and maps them to the MITRE ATT&CK framework. Implementation Group 1 (IG1) of the CIS Controls, the definition of essential cyber hygiene, provides enterprises with a high level of protection, positioning them to defend against the top five attack types – malware, ransomware, web application hacking, insider privilege and misuse, and targeted intrusions.
Resources for CIS SecureSuite Members
Along with these guides, which are available at no cost, our teams are constantly working to deliver new and improved tools exclusively for CIS SecureSuite Members. Membership provides access to Pro versions of our tools, including:
- CIS CSAT Pro: helps organizations measure their compliance with the CIS Controls
- CIS-CAT Pro Assessor: designed to provide an in-depth view of an endpoint's security configuration
- CIS Build Kits: automated tools that help IT professionals accelerate their implementation of CIS Benchmark recommendations
A CIS SecureSuite Membership also provides access to CIS WorkBench, including CIS Benchmarks in a variety of machine readable formats, and the ability to tailor those Benchmarks to an organization's uniqueneeds.
CIS SecureSuite Membership is a cost-effective way to assess, remediate, and implement an effective cybersecurity program at scale. Now through October 31, save up to 20% on a new Membership. It's available at no cost to U.S. SLTT entities.
Interested in learning more? Sign up today.