Cybersecurity Summit Presents the CIS Controls

Minneapolis Cybersecurity Summit Showcases CIS Controls

The 2015 Minneapolis Cybersecurity Summit event producer asked Colonel Stefanie Horvath, IT Director for the Minnesota Department of Military Affairs and CIO of the Minnesota National Guard, to present at the 2015 Cybersecurity Summit. Col. Horvath leads a team of 50 IT professionals to provide highly reliable, secure network and data services to 70 sites, serving over 1,500 personnel. She is responsible for all matters pertaining to Command and Control, Communications, and Computers, including classified networks, spectrum management, and Communications Security. Through her research for the presentation, Col. Horvath discovered the CIS Controls. “I really like the CIS Controls’ plain language for quickly building a solid information security program,” she explained. In the presentation, Col. Horvath outlined the importance of cyber hygiene, the catalyst in building CIS Controls, and ongoing work to improve implementation of the Controls.

Presentation Highlights

Col. Horvath explained in her presentation: “The more I read about the CIS Controls, the more I was impressed – with the organizations and people, the meticulous methods used to develop the Controls, and the convergence of security practitioners to continually improve implementation of the CIS Controls. She continued: “The CIS Controls are not concerned with pushing a certain tool or product. They are more interested in explaining the procedures that reduce cyber attacks.”

Col. Horvath also likes the fact the CIS Controls are based on knowledge of the current cyber threat environment. She said: “The CIS Controls community intensively examines previous cyber attack vectors and patterns to determine the controls that could have prevented the attack. Between the uncertainty of the threats and the effectiveness of security products, the CIS Controls represented a straightforward, community-driven, highly informed approach to quickly build in safeguards for cybersecurity.”

“The CIS Controls allow us to take greater aim on the attacks we want to stop.”
– Col. Stefanie Horvath, IT Director

The CIS Controls Guide the Path to Larger Compliance Frameworks

Col. Horvath understands the challenges facing cyber defenders, especially the need to secure the network and meet compliance requirements with limited resources. As a Department of Defense organization, the Minnesota National Guard accredits its networks using the NIST Risk Management Framework (RMF). The first part of her presentation at the Summit described the benefits of security controls. However, she chose the CIS Controls as the framework to highlight. “I found the CIS Controls very appealing, especially for smaller organizations, mid-size to large businesses and companies, hospitals, and schools because of the efficiency in the checklists and implementation guidance. I felt the CIS Controls’ packaging accelerated assimilation and implementation by organizations.”

Cost Savings and Benefits to Implementing the Controls

In her presentation, Col. Horvath reviewed the dramatic change in the environment that is shifting the Security Return on Investment equation. In the event of a data breach, companies face the loss of competitive advantages and devaluation of the company brand in addition to the expenses of recovery efforts and potential liability. The CIS Controls offer highly effective measures to prevent the likelihood or minimize the damage of a data breach.

Automating the Controls

In her research, Col. Horvath observed vendor activity surrounding the CIS Controls. Although the CIS Controls do not advocate for any specific vendor, several vendors are aligning their security products to the CIS Controls. She showcased the advantages that alignment brings to security practitioners to review several vendors that offer products fulfilling multiple CSCs. In addition, some products provide graphs and other reports that provide visible metrics into cybersecurity defenses. “There are vendors who are aligned to visualizing the CIS Controls measures: vulnerability mitigation, assessment, and remediation. That is huge,” she explained. “The key benefit is improving your maturity through tangible metrics and visualization of defenses that work.”

About Colonel Stephanie Horvath

Col. Horvath has been with the Minnesota Department of Military Affairs since 2008 and is currently the IT Director and CIO of the Minnesota National Guard. She received her master’s degree from the U.S. Army War College with Network+ certification. In addition, she is the co-chair for the State of Minnesota Information Security Risk Management Governance Committee, an Advisory Board member of the Minneapolis Cyber Security summit, a member of Infragard-Minnesota Chapter, and she published “Enabling Battle Command with the Wideband Global SATCOM.”