CIS Website Privacy Policy

Current version v2.0 published date: 5/21/18
Privacy policy version history.

CIS knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. This notice describes our privacy policy, including what data we collect, how we use it and for what purpose. Given the importance we place on privacy it is important that you read this policy carefully.

This website is intended to make it easy and efficient to learn about and interact with CIS and its various program areas such as CIS Controls, CIS Benchmarks, CIS CyberMarket, and the MS-ISAC.

The mission of CIS is to improve and enhance cybersecurity, so we are sensitive to the privacy issues on the Internet and recognize that visitors to this website and those who use our products and services are concerned about the type of information we collect and how we use it. CIS is committed to preserving your privacy and this policy discusses our practices.

Information we collect

(1) personal information, which is information that can be identified to a particular individual because of a name, number, symbol, mark or other indicator; and (2) non-personal information that does not identify a particular individual.

CIS receives and stores certain types of information whenever you interact with us. Any personal information you provide is voluntarily gathered by initiating an online transaction, such as a survey, registration or order form, or establish a login for access and use of certain tools or SecureSuite member areas of our website. If you do voluntarily provide personal information, your email address and the entire contents of your email message and other information you provide are retained.

If you do not wish to have identifying information disclosed, we honor all requests to omit individual or organization names from website listings. If such a request is made, identifying information will not be disclosed by CIS unless we are legally required to do so.

Cookies

Cookies are text files stored by your web browser in order to record information about you or your activities on a website. Using cookies for this purpose is a common, generally accepted practice on the Internet. We may use temporary cookies to enhance, customize, or enable your visit to this website. Temporary cookies do not contain personal information that can be used to identify you, do not compromise your privacy or security, and are erased when you close your browser.

Certain features on this website may require you to fill in a registration form used to personalize your user experience. Such features may store a persistent cookie on your computer's hard drive that is not deleted when you close your browser. A persistent cookie allows us to recognize you on your next visit and tailor your user experience to your needs and interests.

If the program you use to access this site is set to refuse new cookies or delete existing cookies, your ability to use some of the features on this website may be limited.

Types of cookies used by CIS:

Category What do they do?
Necessary These cookies are essential to make the CIS website functional and work. The enablement of these cookies is to enable specific feature, without which the user experience would be null.
Analytics/Performance Cookies are used to determine performance, we use these cookies to understand and improve our products and services.
Targeting/Marketing CIS may uses these cookies to show you relevant advertising and targeted ads. We may also use them to learn about ad utilization and the action taken with a specific marketing cookie, e.g. to visit and download a benchmark, join a webcast or download a whitepaper. Similarly partners may use the same process to determine ad performance, and the use of ads both on and off the CIS website.
Preferences/ Functional These cookies define the preferences you preferred setting and communication preferences are.

In order to utilize the functionality and provided the required information CIS needs to process and manage products and services, some cookies are deemed Strictly Necessary. These are required to maintain the functionality of the CI products and services offered. If your preference is to not accept these cookies your actions and access to specific products and services will be severely limited and in some cases restricted.

The specific cookies used by CIS are listed here.

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

Managing cookies in your browser, opt out options for cookies.

Depending on personal preference, you may want to limit or delete cookies. This preference can be implemented within your web browsers and gives you the ability to manage cookies to suit your requirements. Depending on the browser it may limit or delete cookies, so you may want to review your cookie settings and advertisement or marketing settings. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your opt-out needs. This means is that you can disallow cookies from all sites based on your privacy preference.

Information obtained by Google Analytics

This website uses the Google Analytics web analysis service and enters into an agreement with Google as the data processor. Google Analytics stores a persistent cookie on your hard drive. The information in this cookie (including your IP address) is transmitted to Google and stored on Google servers. Google uses this information to anonymously analyze your use of the website, compile reports on your website activity for site operators, and provide other services related to your website activity and Internet usage. Google may transfer this information to third parties where required to do so by law or where those third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using this website, you consent to Google's processing of data about you. For a review of Google Privacy Policy please see https://policies.google.com/privacy.

Who has access to this information?

If you provide personal information to CIS, our employees who have access based upon specific roles defined by procedural role based access controls, use this information following appropriate procedures in handling and disclosing your information. All personal information about you or your organization that we receive via fax or mail is physically protected.In addition, CIS has implemented procedures to safeguard the integrity of its information technology assets, including but not limited to authentication, monitoring and auditing. These security measures have been integrated into the design, implementation and day-to-day operations of this website as part of our continuing commitment to the security and privacy of electronic content as well as the electronic transmission of information.

How we use the information collected

We do not sell or distribute email addresses or other personal information to others for their commercial use.

  • Providing you with the CIS applications, information, and websites for which you have registered, as well as any products or services, or support requested
  • Publish listings of CIS SecureSuite members and CIS Controls Supporters on our website which, in the case of individual members, includes names and organizational affiliations
  • Publish testimonials of CIS products and service on our website provided by individuals, which would include name, title and affiliate organization
  • Gain a better understanding how our website, product or services are being used so we can improve them and engage with users
  • Diagnosing problems
  • Sending you business messages and marketing related to payments or expiration of subscriptions
  • Sending you information about CIS products, services, opportunities, updates, advisories, special offers, and similar information
  • Conducting market research about our customers, and the effectiveness of our marketing campaigns

We also collect some information that is not considered to be personal information. When visiting our website the following non-personal information about your visit is automatically collected and stored:

  • The type of browser and operating system you use when you visit this site;
  • The date and time when you visit this site;
  • The webpage and services you access at this site;
  • The forms that you download from this website.
  • Additionally, non-personal information such as a company or governmental entity name and address. IP address may be provided when registering or singing up for CIS products or services. This information is used to determine eligibility for certain products or services.

We use non-personal information internally to find out how people use this website, to help us understand which types of information are of most interest to our visitors so that we can improve this website's content, to assess system performance and to identify problem areas. We do not sell or distribute this information to others for their commercial use.

If you do not use this website to request services or information, you may receive them by other means (such as through your membership in a group to which we may send correspondence). Your ability to view or download most information available to the public on this website will not be affected.

The utilization of this information is strictly for legitimate business purposes and is retained for only as long as necessary to carry out the specific requirements of providing CIS products, services, opportunities, updates, advisories, special offers, and similar information.

Access to your personal information

As a service provider we aim to provide you the necessary access to update the personal information that is within our records. If that information is incorrect we give you ways to update it quickly.

If your request to delete the data that is present within our systems, we will do so with a validated request, unless we have to keep that information for legitimate business or legal purposes. The maintenance of service is required to protect all information from accidental or malicious destruction. If your request to delete is completed we may not immediately delete this data from residual copies and we may not remove it from archived or backed up systems.

Other Websites

This website may provide links to websites maintained by other organizations. A link to another website does not constitute an endorsement of the content, viewpoint, accuracy, opinions, policies, products or services of that other website. Once you navigate from this website to another site, you are subject to the terms and conditions of that site, including the provisions of its privacy policy.

Links to CIS Website

We welcome links to the CIS website. Although we prefer that you link to our homepage, you may create links to specific pages within our website. Any individual or organization linking to CIS's website must comply with all applicable laws and with the following conditions:

Unless CIS specifically authorizes you to do so, you may not imply that CIS endorses you, your organization, or your products;

  • You may not misrepresent your, or your organizations, relationship with CIS;
  • You may not present false information about CIS;
  • You may not link to the CIS website if your or your organization's website contains content that could be construed as distasteful, offensive or controversial, or is not appropriate for viewing by all age groups.
  • CIS may change content on our site at any time, causing other organizations to have a broken or incorrect link.
  • CIS is not responsible for misdirected links from external websites.

The information provided in this privacy policy cannot be interpreted as business, legal or other advice, or as warranting fail-proof security for information provided through this website. Information provided on this website is intended to allow the public access to information related to CIS. While all attempts are made to provide accurate, current and reliable information, there is possibility of human and/or mechanical error. If your personal data is in error your ability to rectify this information is controlled by using the manage account function within CIS products or services.This privacy policy is not intended to and does not create any contractual or other legal rights for or on behalf of any party.Who can I contact with questions or concerns?For any issues, omissions, or questions please contact privacy@cisecurity.org

Who can I contact with questions or concerns?

For any issues, omissions, or questions please contact privacy@cisecurity.org