Home • Resources • White Papers • Auditing, Assessing, Analyzing: A Prioritized Approach using the Pareto Principle

Auditing, Assessing, Analyzing: A Prioritized Approach using the Pareto Principle

CIS applies the Pareto Principle to cybersecurity in order to develop the CIS Controls.

Overview

In an ever-growing mix of hundreds of potential cybersecurity concerns and even more proposed solutions, CIS applies the Pareto Principle – the concept that for many activities, roughly 80% of the effects come from 20% of the causes – to help prioritize cybersecurity actions.

Download PDF

CIS Controls Discussed:

1 Inventory and Control of Hardware Assets

2 Inventory and Control of Software Assets

3 Continuous Vulnerability Assessment and Remediation

4 Controlled Use of Administrative Privileges

5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Center for Internet Security®