Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1

Credit card breaches, identity theft, ransomware, stolen passwords, theft of intellectual property, loss of privacy, denial of service – these cyber incidents have become everyday news. Victims include some of the largest, best-funded, and most security-savvy enterprises: government agencies, major retailers, financial services companies, even security solution vendors. Many of the victims have millions of dollars to allocate for cybersecurity, yet they still fall short with their cyber defenses.

What does this mean for enterprises with smaller budgets and more limited staff? How can they effectively respond to the continuing cyber problem?

This guide seeks to empower small- and medium-sized enterprise (SME) owners to help them protect their enterprises with a limited number of high-priority actions based on the Center for Internet Security’s Critical Security Controls (CIS Controls). It works as a ladder to help SMEs rapidly adopt Implementation Group 1 (IG1), or essential cyber hygiene. Once they have taken the steps recommended within this guide, SMEs should identify the IG1 Safeguards they have yet to complete and ensure they are putting all of the IG1 Safeguards into place within their IT infrastructure.