How CIS Controls Can Simplify Cybersecurity

Our previous blog post explored how security frameworks like ITSG-33 and the NIST Cybersecurity Framework (CSF) can help make your enterprise ransomware-resistant. While there is a lot of information available about these frameworks, the complicated steps they recommend for strengthening your company’s cybersecurity defenses can feel overwhelming. To make this daunting task a little more manageable, we’ll explain how CIS Controls can help simplify your organization’s approach to cybersecurity.

It’s easy to feel intimidated by the CSF from the National Institute of Standards and Technology (NIST). With 23 categories and 108 subcategories detailing key aspects of cybersecurity, the framework might seem as impossible (and as unappetizing) as eating an elephant. It’s hard to know where to begin. But as with any valuable and effective undertaking, the key is to tackle it one bite at a time.

That’s where CIS Controls come into play. By breaking cybersecurity down into easily understandable steps, these proven best practices can help you start your journey toward a safer, more secure IT environment. Here’s how.

Making sense of CIS Controls

Like ITSG-33, the NIST CSF is a comprehensive cybersecurity framework. These sophisticated frameworks work well for highly regulated industries such as banks, hospitals, utilities, and government agencies that must address strict compliance requirements, diligently protect their customers’ data, and demonstrate definitively that their data is safeguarded against cyberattacks.

But for medium-sized companies that may not be as tightly regulated or face strict compliance standards, the cybersecurity controls from the Center for Internet Security (CIS) might be a better solution. CIS offers a set of best practices that can be downloaded for free and easily applied to service organizations, retail companies, schools, manufacturing operations, and other less regulated sectors.

CIS presents these controls in easily comprehensible language with clear-cut instructions, making cybersecurity easier for small organizations with limited IT resources. Committed to simplifying cybersecurity compliance for all organizations, CIS developed these best practices using input from IT security experts around the globe to protect companies against imminent cyber threats.

Safeguarding your IT environment

The latest version of the CIS Controls includes 18 controls encompassing 153 safeguards. CIS prioritizes these safeguards into three implementation groups based on your organization’s cybersecurity preparedness level. Each safeguard maps to a class of assets within your organization—ranging from computers to software applications to your entire corporate network—and performs a particular function for that asset.

Just like the NIST CSF, the CIS Controls process ultimately boils down to five main functions:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

By prioritizing CIS Controls to achieve these five security functions in your organization, you can protect against cyber threats and make your IT environment a safer place.

Contact the security experts at OnX Canada for help implementing or upgrading your organization’s cybersecurity program to improve your defenses against modern cyber-attacks.