This month we highlight the next CIS Control in The IT Company’s blog series! The IT Company has walked you through the first nine CIS Controls, which means we are about halfway through the controls! In case you haven’t been keeping up with The IT Company’s blog series, we thought this would be the perfect chance to recap the Controls we have already discussed before introducing number 10!
- CIS Controls 1 and 2 emphasized the importance of assessing the physical hardware your company has, as well as the software you have on it.
- CIS Control 3 was very much about configuration management and taking the steps of this control to make things more consistent, while also minimizing the ability for attackers to enter your network.
- CIS Control 4 then took the knowledge of what was gained in Controls 1-3 and utilized it. Control 4 focuses on scanning both internal and external networks in order to assess the posture of the environment.
- CIS Control 5 was discussed as being the step of looking at just how mature you want your company’s security to be. It helps you to make sure everything put out has been validated and stored in your sources.
- CIS Control 6 is all about your system logs. It puts a priority on collecting and storing all of your company’s system logs in one central place.
- CIS Control 7 is arguably one of the most important controls, as it walked readers through the focus needed on the vulnerability of email clients and web browsers due to the amount of end user interaction.
- CIS Control 8 is one that IT companies are all too familiar with, as it narrows in on controlling the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
- CIS Control 9 is about verifying that every network port, protocol and service actively running on any system has a valid business need and usage.
Which leads us to the next control, CIS Control 10: Data Recovery Capability.
CIS Control 10 is essentially the processes and tools used to properly back up critical information, together with a method for recovering it in a timely manner.
It is known by many IT companies that when an attacker gets into a network and compromises a machine, they more often than not make a large number of changes to the configurations and software. When this happens, it can be difficult to fully remove the attacker's presence on the machine unless a trustworthy data recovery capability is in place.
CIS Control 10 is put in place to ensure that all data on systems is backed up regularly. It also works to ensure that key systems are backed up as a complete system, which allows for quick recovery of an entire system when needed. Tools such as imaging can help ensure that these critical things are in place.
If you are unsure if your company currently has Data Recovery Capabilities in place, or you have further questions about CIS Control 10, reach out to us! The IT Company staff would love to assist you in better protecting your company.
And be sure to look out for the remaining 10 CIS Controls as a part of The IT Company blog series!