Link3 Technologies Uses CIS Controls in Bangladesh
Major IT Solution Provider Uses the CIS Controls
Link3 Technologies Ltd. (Link3) is a full-service IT Solution Provider that has operated in the Bangladesh market for more than 16 years. Link3 has achieved a high level of success through uncompromised service quality and customer satisfaction. Shahab Al Yamin Chawdhury is the Manager of the Information Technology Team at Link3. He uses the CIS Controls to standardize and manage the organization and its assets.
Gap Analysis Visibility
Mr. Chawdhury learned about the CIS Controls from SANS and through the NIST Cybersecurity Framework. Link3 began using the CIS Controls as part of an assessment and gap analysis, helping the organization understand the current state of its network security. Once they identified areas for improvement, Link3 used the CIS Controls to prioritize their requirements for an implementation road map. “First of all, the CIS Controls provide for better visibility of the environment through a gap analysis. This leads to better documentation of required changes and a feasible pathway to excellence,” he stated. Within Link3, there are two teams capable of using multiple frameworks in addition to the CIS Controls, such as NIST, ITIL, and ITCMP.
Metrics and Tools
Mr. Chawdhury uses an automated spreadsheet to measure the completion of each CIS Control. In addition to frameworks, including the CIS Controls and NIST, Link3 uses tools such as vsRisk and Information Shield for risk assessment.
Barriers and Benefits
To implement a truly effective cybersecurity strategy, stakeholders from multiple departments across the organization must be engaged to ensure processes are aligned with security improvements. As with any security program, it is not uncommon to hit a barrier when introducing new ideas, which often leads to changes in policies and processes. Link3 assists other organizations by aligning previous policies and procedures and documenting changes throughout implementation, which allows for a clear understanding of the benefits of the CIS Controls. “We help organizations identify areas for improvement and then guide them to make the necessary changes,” said Mr. Chawdhury.
Commitment to Cybersecurity
In the mobile-first/cloud-first world, Link3 employees work on corporate applications and access sensitive data both on-premises and in cloud-based systems, using every type of device – from laptops, to BYO devices, to IoT sensors. While there is an immense opportunity for enterprises and individuals to derive personal and professional value from today’s connected technologies, organizations experience a corresponding growth in risk as users increase their exposure to cybersecurity threats. While security has always been a focus for Link3 clients, they recognize that the digital world in which we live requires a new approach to how we protect, detect, and respond to security threats. For Link3, this process starts with adopting the CIS Controls.
About Shahab Al Yamin Chawdhury
Shahab Al Yamin Chawdhury has been the Manager of Information Technology at Link3 Technologies Ltd. for two years. He holds a master’s degree in Computer Science and Engineering, is a member of a number of causes and organizations, has obtained dozens of certifications, has been quoted in a number of publications, and has been involved in dozens of Information Technology projects over the past few years.
About the Center for Internet Security
CIS is a forward-thinking, nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continually refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for state, local, tribal and territorial government entities.