Crysis Averted and the CIS Controls

Crysis Averted Uses CIS Controls for Effective Cyber Defense Version 6.1

Risk Assessment for Small Businesses

Crysis LogoCrysis Averted, known for proactive attention to crisis prevention, is located in Fredericksburg, Va. The company's core business is providing risk management services for small and mid-size businesses. The experience and skills of Crysis Averted’s CEO James Jacobs and his team are focused on helping organizations manage their risks to critical assets using IT Governance, Compliance, and Risk Management initiatives. “This is where the CIS Controls are almost perfect for establishing a security baseline for smaller organizations,” said Mr. Jacobs. The CIS Controls provide a systematic, vendor-agnostic framework for identifying, assessing, and managing information security risks.

Risk Assessment

Mr. Jacobs has been using the CIS Controls for three years. In working with small businesses, he has found that the CIS Controls provide a more feasible approach to cybersecurity than some other available risk management frameworks. “The CIS Controls are a tool that allows us to help smaller organizations develop information security programs and improve their security posture,” he explained.

“This is where the CIS Controls are almost perfect for establishing a security baseline for smaller organizations.”
-James Jacobs, CEO, Crysis Averted


Like many risk management firms, Crysis Averted uses a variety of tools to meet clients’ cybersecurity needs. These include Tenable’s Nessus Vulnerability Scanner to scan for vulnerabilities, missing patches in software, and operating systems. Mr. Jacobs also evaluates systems using NIST, PCI, HIPAA, and other frameworks.

Commitment to Cybersecurity

Mr. Jacobs is in favor of the California Attorney General’s Report recommending the CIS Controls as a reasonable minimum level of information security that all organizations should meet. “We are nearly at a critical level within cybersecurity as more and more severe and sophisticated threats emerge. We are really at a borderline crisis level of cybersecurity threats. It is important for professionals within the information security community to help educate and increase awareness to avert the crisis,” he said.

About James Jacobs

James Jacobs, CEO, has been with Crysis Averted for three years. He holds multiple certifications and has more than 20 years in information technology. Mr. Jacobs received his degree from ECPI University.

About the Center for Internet Security

CIS is a forward-thinking, nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continually refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for state, local, tribal and territorial government entities.