
CIS RAM v1.0 (Risk Assessment Method) Launch Event

April 30, 2018

CIS RAM v1.0 (Center for Internet Security® Risk Assessment Method) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ v7 cybersecurity best practices. CIS RAM v1.0, a free tool, provides step-by-step instructions, examples, templates, and exercises for conducting a cyber risk assessment.

"The CIS RAM is a powerful tool to guide the prioritization and implementation of the CIS Controls, and complements their technical credibility with a sound business risk-decision process," said Tony Sager, Senior Vice President and Chief Evangelist at CIS. "We see the CIS RAM as a method that organizations of all maturity levels can use."

CIS RAM v1.0 was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. HALOCK and CIS collaborated to bring the methods to the public as CIS RAM v1.0 in 2018. CIS is a founding member of the DoCRA Council that maintains the risk analysis standard that CIS RAM v1.0 is built upon.

What you will learn:

  • How to conduct cyber risk assessments so they meet the requirements of established information security risk assessment standards, legal authorities, and regulators with step-by-step instructions, templates, and examples.
  • What are considered “reasonable” uses of the CIS Controls to address the mission, objectives, and obligations of each environment.
  • How to find the balance that regulators and judges look for when determining whether an organization has been reasonable.

  • Tony Sager, CIS Senior Vice President and Chief Evangelist
  • Phil Langlois, CIS Controls Technical Product Manager
  • Chris Cronin, Partner – HALOCK Security Labs
  • Paul Otto, Attorney – Hogan Lovells LLC

Watch the webinar