Blog Feed - Center for Internet Securityhttps://www.cisecurity.org/feed/blogIndustry news, product updates, videos, infographics, and more from CIS.enhttps://www.cisecurity.org/-/media/project/cisecurity/cisecurity/data/media/img/uploads/2020/04/cropped-cis-512x512-1-32x32.png?h=32&w=32&rev=023ed3a07d874562a4ebce861c4525f0Blog Feed - Center for Internet Securityhttps://www.cisecurity.org/feed/bloghttps://www.cisecurity.org/insights/blog/cis-benchmarks-march-2024-updateCIS Benchmarks March 2024 UpdateHere is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for March 2024.Thu, 07 Mar 2024 15:58:00 Zhttps://www.cisecurity.org/insights/blog/the-first-steps-of-establishing-your-cloud-security-strategyThe First Steps of Establishing Your Cloud Security StrategyYou've migrated to the cloud, which means it's time to focus on cloud security. Here are some first steps to begin enacting your cloud security strategy.Wed, 28 Feb 2024 17:34:00 Zhttps://www.cisecurity.org/insights/blog/top-10-malware-q4-2023Top 10 Malware Q4 2023The Top 10 Malware in Q4 2023 changed slightly from the previous quarter. Here's what the CIS Cyber Threat Intelligence team observed.Tue, 27 Feb 2024 14:44:00 Zhttps://www.cisecurity.org/insights/blog/celebrating-victories-catching-up-with-the-inaugural-alan-paller-laureate-program-awardeesCelebrating Victories: Catching up with the Inaugural Alan Paller Laureate Program AwardeesCIS celebrates the truly awe-inspiring recipients from the 2023 Alan Paller Laureate Program. Check out their stories today.Thu, 15 Feb 2024 17:37:00 Zhttps://www.cisecurity.org/insights/blog/ctas-leveraging-fake-browser-updates-in-malware-campaignsCTAs Leveraging Fake Browser Updates in Malware CampaignsCyber threat actors are targeting SLTTs with malware that use fake browser updates and secondary exploitation. The MS-ISAC breaks down this threat activity.Thu, 08 Feb 2024 17:06:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-february-2024-updateCIS Benchmarks February 2024 UpdateHere is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for February 2024.Wed, 07 Feb 2024 18:03:00 Zhttps://www.cisecurity.org/insights/blog/3-cis-resources-to-help-you-drive-your-cloud-cybersecurity3 CIS Resources to Help You Drive Your Cloud CybersecurityOnce you've migrated to the cloud, you need to prioritize your cloud cybersecurity. These three resources from CIS can help.Thu, 25 Jan 2024 22:30:00 Zhttps://www.cisecurity.org/insights/blog/supporting-your-secure-cloud-goals-our-2023-year-in-reviewSupporting Your Secure Cloud Goals: Our 2023 Year in Review2023 was a year full of efforts to help support you in meeting your secure cloud goals. Here's a look back at just a few of them.Fri, 19 Jan 2024 17:35:00 Zhttps://www.cisecurity.org/insights/blog/migrating-to-the-cloud-an-overview-of-process-and-strategyMigrating to the Cloud: An Overview of Process and StrategyThinking of migrating to the cloud? Here are some key benefits, challenges, and methods for planning out a process that will work for your organization.Thu, 18 Jan 2024 14:28:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-january-2024-updateCIS Benchmarks January 2024 UpdateHere is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for January 2024.Thu, 11 Jan 2024 15:28:00 Zhttps://www.cisecurity.org/insights/blog/ctas-using-adversary-in-the-middle-aitm-phishing-attacksCTAs Using Adversary in the Middle (AiTM) Phishing AttacksCyber threat actors show no sign of curbing their Adversary in the Middle (AiTM) phishing attacks against SLTTs. Here's how to defend your organization.Mon, 08 Jan 2024 14:53:00 Zhttps://www.cisecurity.org/insights/blog/16-cis-experts-cybersecurity-predictions-for-202416 CIS Experts Cybersecurity Predictions for 2024Looking for context you can use to map out your 2024 cybersecurity priorities? 16 CIS experts share their cybersecurity predictions for the year ahead.Thu, 04 Jan 2024 05:00:00 Zhttps://www.cisecurity.org/insights/blog/why-employee-cybersecurity-awareness-training-is-importantWhy Employee Cybersecurity Awareness Training Is ImportantNot everyone invests in employee cybersecurity awareness training. Here's four experts' thoughts on why you should – and a way to save in the process!Wed, 13 Dec 2023 15:46:00 Zhttps://www.cisecurity.org/insights/blog/rabet-v-a-new-approach-to-testing-election-technologyRABET-V: A New Approach to Testing Election TechnologyThe traditional testing approach for non-voting technology constrains election security. Learn how RABET-V does things differently.Mon, 11 Dec 2023 14:17:00 Zhttps://www.cisecurity.org/insights/blog/top-10-malware-q3-2023Top 10 Malware Q3 2023The Top 10 Malware in Q3 2023 saw some significant shifts from the previous quarter. Here's what the CTI team at the MS-ISAC® observed.Tue, 05 Dec 2023 22:23:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-december-2023-updateCIS Benchmarks December 2023 UpdateHere is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for December 2023.Tue, 05 Dec 2023 17:27:00 Zhttps://www.cisecurity.org/insights/blog/the-llm-misinformation-problem-i-was-not-expectingThe LLM Misinformation Problem I Was Not ExpectingKathleen Moriarty discusses an unexpected LLM misinformation problem: students incorporating non-vetted AI results into their assignments.Mon, 20 Nov 2023 22:27:00 Zhttps://www.cisecurity.org/insights/blog/cis-hardened-images-now-in-microsoft-azure-marketplaceCIS Hardened Images Now in Microsoft Azure MarketplaceMicrosoft Azure is a major cloud provider of virtual machine images – and one of four where the Center for Internet Security offers CIS Hardened Images.Thu, 16 Nov 2023 19:22:00 Zhttps://www.cisecurity.org/insights/blog/how-cis-can-help-you-enact-defense-in-depth-in-the-cloudHow CIS Can Help You Enact Defense-in-Depth in the CloudIn a previous post, we introduced the concept of defense-in-depth and explained how it strengthens an enterprise’s security program against aTue, 07 Nov 2023 13:36:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-november-2023-updateCIS Benchmarks November 2023 UpdateHere is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for November 2023.Mon, 06 Nov 2023 13:26:00 Zhttps://www.cisecurity.org/insights/blog/who-is-cisWho Is CIS?At CIS, we are innovators in developing prioritized guidance that is proven to help organizations mitigate cyber risk. Here's how we do it.Wed, 01 Nov 2023 17:09:00 Zhttps://www.cisecurity.org/insights/blog/security-control-changes-due-to-tls-encrypted-clienthelloSecurity Control Changes due to TLS Encrypted ClientHelloEncrypted ClientHello means that HTTPS sessions will no longer expose the domain name of the destination web server when enabled. Here's what this means.Wed, 01 Nov 2023 11:30:00 Zhttps://www.cisecurity.org/insights/blog/hardened-windows-desktop-oses-debut-on-azure-marketplaceHardened Windows Desktop OSes Debut on Azure Marketplace!CIS has released Hardened Images for Microsoft Windows 10 and 11 on the Azure Marketplace. Here's what this means for your cloud security needs.Tue, 24 Oct 2023 16:33:00 Zhttps://www.cisecurity.org/insights/blog/how-to-calculate-your-organizations-ransomware-riskHow to Calculate Your Organization's Ransomware RiskRansomware remains both a prevalent and impactful type of attack. Here's a tool to help you calculate your organization's ransomware risk.Tue, 24 Oct 2023 12:51:00 Zhttps://www.cisecurity.org/insights/blog/timely-patching-reduces-system-compromisesTimely Patching Reduces System CompromisesTimely patching is one of the most important cybersecurity controls preventing system compromise – especially amid growing cyber threats.Wed, 18 Oct 2023 19:27:00 Zhttps://www.cisecurity.org/insights/blog/the-cis-controls-a-way-to-meet-the-nys-oag-data-safety-tipsThe CIS Controls: A Way to Meet the NYS OAG Data Safety TipsIn this post, we explain how you can meet some of the data safety recommendations of the NYS OAG using the CIS Controls.Tue, 17 Oct 2023 13:18:00 Zhttps://www.cisecurity.org/insights/blog/what-is-cyber-threat-intelligenceWhat is Cyber Threat Intelligence?The MS- and EI-ISAC Cyber Threat Intelligence team helps support SLTTs' cybersecurity defenses. Here's what we mean when we say "CTI."Thu, 12 Oct 2023 21:37:00 Zhttps://www.cisecurity.org/insights/blog/a-short-guide-for-spotting-phishing-attemptsA Short Guide for Spotting Phishing AttemptsKnowing the common signs of phishing can help you spot suspicious emails and prevent a possible compromise. Here are some examples to sharpen your focus.Thu, 12 Oct 2023 21:01:00 Zhttps://www.cisecurity.org/insights/blog/the-crucial-role-of-cybersecurity-for-us-election-officesThe Crucial Role of Cybersecurity for U.S. Election OfficesU.S. election offices can't always afford to buy what they need for effective cybersecurity. Here's how CIS can help.Tue, 10 Oct 2023 15:29:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-october-2023-updateCIS Benchmarks October 2023 UpdateHere is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for October 2023.Tue, 10 Oct 2023 13:49:00 Zhttps://www.cisecurity.org/insights/blog/dbir-2023-sme-cyber-defense-begins-with-the-cis-controlsDBIR 2023: SME Cyber Defense Begins with the CIS ControlsVerizon's DBIR 2023 references the CIS Controls throughout as effective mitigation tactics for SMEs to defend against top attack patterns. Fri, 06 Oct 2023 16:33:00 Zhttps://www.cisecurity.org/insights/blog/what-is-cyber-threat-intelligenceWhat Is Cyber Threat Intelligence?The MS- and EI-ISAC Cyber Threat Intelligence team helps support SLTTs' cybersecurity defenses. Here's what we mean when we say "CTI."Wed, 04 Oct 2023 18:20:00 Zhttps://www.cisecurity.org/insights/blog/11-cyber-defense-tips-to-stay-secure-at-work-and-home11 Cyber Defense Tips to Stay Secure at Work and HomeTo uphold your personal responsibility for cybersecurity, here are 11 steps that you can use to strengthen your cyber defense at home and at work. Wed, 04 Oct 2023 13:15:00 Zhttps://www.cisecurity.org/insights/blog/a-short-guide-for-spotting-phishing-attemptsA Short Guide for Spotting Phishing AttemptsKnowing the common signs of phishing can help you spot suspicious emails and prevent a possible compromise. Here are some examples to sharpen your focus.Wed, 04 Oct 2023 13:15:00 Zhttps://www.cisecurity.org/insights/blog/2022-ncsr-sltts-excel-in-recovery-planning-and-mitigation2022 NCSR: SLTTs Excel in Recovery Planning and MitigationThe results of the 2022 Nationwide Cybersecurity Review (NCSR) are out! Learn where SLTTs excelled and struggled in their cybersecurity efforts.Mon, 02 Oct 2023 13:01:00 Zhttps://www.cisecurity.org/insights/blog/fast-track-your-implementation-of-essential-cyber-hygieneFast-Track Your Implementation of Essential Cyber HygieneOur implementation guide works as a ladder to help you rapidly adopt IG1 of the CIS Controls and achieve essential cyber hygiene.Thu, 28 Sep 2023 17:23:00 Zhttps://www.cisecurity.org/insights/blog/how-to-secure-your-online-identity-with-security-keysHow to Secure Your Online Identity with Security KeysAn intern with our CTO office embarked on a short project to protect her accounts with security keys. Here's what her experience was like.Thu, 28 Sep 2023 16:13:00 Zhttps://www.cisecurity.org/insights/blog/albert-network-monitoring-guarding-state-local-governmentsAlbert Network Monitoring: Guarding State, Local GovernmentsAlbert Network Monitoring is an intrusion detection system (IDS) designed to help SLTTs protect their networks against cyber threats. Here's how.Wed, 20 Sep 2023 16:04:00 Zhttps://www.cisecurity.org/insights/blog/6-mitigation-strategies-to-make-the-most-of-audit-results6 Mitigation Strategies to Make the Most of Audit ResultsAudits are valuable tools that help you to identify potential risks, inefficiencies, and gaps. Here's how to make the most of your audit results.Thu, 14 Sep 2023 13:26:00 Zhttps://www.cisecurity.org/insights/blog/defense-in-depth-a-necessary-approach-to-cloud-securityDefense-in-Depth: A Necessary Approach to Cloud SecurityDefense-in-depth is a necessary methodology for securing the cloud. Here's how the Center for Internet Security can help your organization.Wed, 13 Sep 2023 12:59:00 Zhttps://www.cisecurity.org/insights/blog/build-a-robust-continuous-audit-program-in-10-stepsBuild a Robust Continuous Audit Program in 10 StepsWant visibility of control deficiencies, potential fraud, and compliance issues? A continuous audit program can help. Here's how you can get started.Tue, 12 Sep 2023 14:24:00 Zhttps://www.cisecurity.org/insights/blog/congratulations-youre-compliant-charting-your-path-aheadCongratulations, You're Compliant: Charting Your Path AheadWhat comes next after you've achieved compliance? We've got seven things for your consideration. A CIS SecureSuite Membership can help.Fri, 08 Sep 2023 19:38:00 Zhttps://www.cisecurity.org/insights/blog/uphold-linux-systems-performance-and-availability-in-azureUphold Linux Systems' Performance & Availability in AzureThe Center for Internet Security has partnered with Microsoft Azure to test CIS Hardened Images for Linux using the Azure Monitor Agent.Fri, 08 Sep 2023 19:28:00 Zhttps://www.cisecurity.org/insights/blog/fair-a-framework-for-revolutionizing-your-risk-analysisFAIR: A Framework for Revolutionizing Your Risk AnalysisFAIR is a leading methodology for quantifying and managing information risk. Here's how a CIS SecureSuite Membership can support your risk analysis.Wed, 06 Sep 2023 20:09:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-september-2023CIS Benchmarks September 2023Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for September 2023.Wed, 06 Sep 2023 19:26:00 Zhttps://www.cisecurity.org/insights/blog/cloud-security-and-functionality-dont-settle-for-just-oneCloud Security and Functionality: Don’t Settle for Just OneCIS is testing its CIS Hardened Images with Azure Update Manager and Amazon EC2 Image Builder. Here's what this means for your cloud security.Wed, 30 Aug 2023 18:43:00 Zhttps://www.cisecurity.org/insights/blog/quantitative-risk-analysis-its-importance-and-implicationsQuantitative Risk Analysis: Its Importance and ImplicationsQuantitative risk analysis can help your organization understand and address risks on an ongoing basis. Here's a closer look at its benefits.Wed, 30 Aug 2023 15:25:00 Zhttps://www.cisecurity.org/insights/blog/4-reasons-why-assessments-are-key-to-your-governance-audits4 Reasons Why Assessments Are Key to Your Governance AuditsDid you know that assessments naturally complement your governance audits? Here's how you can use CIS SecureSuite to realize these benefits.Wed, 23 Aug 2023 16:16:00 Zhttps://www.cisecurity.org/insights/blog/renew-your-ransomware-defense-with-cisas-updated-guidanceRenew Your Ransomware Defense with CISA's Updated GuidanceThe MS-ISAC has worked with CISA to update its #StopRansomware Guide that you can use to strengthen your ransomware defense.Tue, 22 Aug 2023 16:27:00 Zhttps://www.cisecurity.org/insights/blog/cis-benchmarks-community-volunteer-spotlight-james-triggCIS Benchmarks Community Volunteer Spotlight: James TriggJamie Trigg has done a lot to support CIS Linux Benchmarks. Hear his story about volunteering for the CIS Benchmarks Community.Mon, 21 Aug 2023 16:07:00 Z