Crysis Averted and the CIS Controls

Risk Assessment for Small Businesses

Crysis Averted, known for proactive attention to crisis prevention, is located in Fredericksburg, Va. The company’s core business is providing risk management services for small and mid-size businesses. The experience and skills of Crysis Averted’s CEO James Jacobs and his team are focused on helping organizations manage their risks to critical assets using IT Governance, Compliance, and Risk Management initiatives. “This is where the CIS Controls are almost perfect for establishing a security baseline for smaller organizations,” said Mr. Jacobs. The CIS Controls provide a systematic, vendor-agnostic framework for identifying, assessing, and managing information security risks.

Risk Assessment

Mr. Jacobs has been using the CIS Controls for three years. In working with small businesses, he has found that the CIS Controls provide a more feasible approach to cybersecurity than some other available risk management frameworks. “The CIS Controls are a tool that allows us to help smaller organizations develop information security programs and improve their security posture,” he explained.

“This is where the CIS Controls are almost perfect for establishing a security baseline for smaller organizations.”
-James Jacobs, CEO, Crysis Averted


Like many risk management firms, Crysis Averted uses a variety of tools to meet clients’ cybersecurity needs. These include Tenable’s Nessus Vulnerability Scanner to scan for vulnerabilities, missing patches in software, and operating systems. Mr. Jacobs also evaluates systems using NIST, PCI, HIPAA, and other frameworks.

Commitment to Cybersecurity

Mr. Jacobs is in favor of the California Attorney General’s Report recommending the CIS Controls as a reasonable minimum level of information security that all organizations should meet. “We are nearly at a critical level within cybersecurity as more and more severe and sophisticated threats emerge. We are really at a borderline crisis level of cybersecurity threats. It is important for professionals within the information security community to help educate and increase awareness to avert the crisis,” he said.

About James Jacobs

James Jacobs, CEO, has been with Crysis Averted for three years. He holds multiple certifications and has more than 20 years in information technology. Mr. Jacobs received his degree from ECPI University.