CIS RAM v1.0 (Risk Assessment Method) Launch Event

April 30, 2018

CIS RAM v1.0 (Center for Internet Security® Risk Assessment Method) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ v7 cybersecurity best practices. CIS RAM v1.0, a free tool, provides step-by-step instructions, examples, templates, and exercises for conducting a cyber risk assessment.

“The CIS RAM is a powerful tool to guide the prioritization and implementation of the CIS Controls, and complements their technical credibility with a sound business risk-decision process,” said Tony Sager, Senior Vice President and Chief Evangelist at CIS. “We see the CIS RAM as a method that organizations of all maturity levels can use.”

CIS RAM v1.0 was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. HALOCK and CIS collaborated to bring the methods to the public as CIS RAM v1.0 in 2018. CIS is a founding member of the DoCRA Council that maintains the risk analysis standard that CIS RAM v1.0 is built upon.

What you will learn:

  • How to conduct cyber risk assessments so they meet the requirements of established information security risk assessment standards, legal authorities, and regulators with step-by-step instructions, templates, and examples.
  • What is considered “reasonable” use of the CIS Controls to address the mission, objectives, and obligations of each environment.
  • How to find the balance that regulators and judges look for when determining whether an organization has been reasonable.


  • Tony Sager, CIS Senior Vice President and Chief Evangelist


  • Phil Langlois, CIS Controls Technical Product Manager
  • Chris Cronin, Partner – HALOCK Security Labs
  • Paul Otto, Attorney – Hogan Lovells LLC

Watch the webinar