
Define account management to assign and control access for user, administrative, and service accounts, enforcing password policy, MFA, inventory of accounts, and access reviews.
Develop and maintain a plan for continuous vulnerability management across internal and external assets, using scanning tools, ticketing workflows, and remediation to minimize the window of opportunity.
Improve application security under CIS control 16 by integrating vulnerability management into the development lifecycle, training developers in secure coding, and securing third-party components across multi-platform architectures.
Establish and maintain an incident response program to detect, respond, contain, and recover from cyber incidents, with clear roles, communication, training, root-cause analysis, and post-incident lessons.
What is CIS?
CIS stands for The Center for Internet Security.
It is a community-driven non profitable organization formed in Oct,2000.
It makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.
Few CIS Controls
1. Inventory and Control of Enterprise Assets - Manage all enterprise assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise.
2. Inventory and Control of Software Assets - Manage all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
3. Data Protection - Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
4. Secure Configuration of Enterprise Assets & Software - Establish and maintain the secure configuration of enterprise assets and software.
5. Account Management - Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.
6. Access Control - Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software.