Intermediate

Security Controls: The CIS Controls

security · controls · cis · governance · risk · compliance · networking · systems · globomantics · control · planning · areas · assessing · benchmarks · groups · implement · maintaining ·...

Security controls are measures or safeguards implemented to protect an organization's information assets — its systems, data, equipment, facilities, people, and processes — from harm, danger, or malicious activity. Before examining the CIS Controls specifically, it is useful to review the general vocabulary used to classify controls, since this vocabulary recurs throughout the CIS Controls framework.

These control functions can overlap. For example, a data backup could reasonably be classified as both a recovery control (it restores lost data) and a preventative control (it prevents permanent data loss). Rather than trying to force every control into a single, rigid function, treat these categories as descriptive labels that can apply in combination.

The CIS Controls are a comprehensive set of security controls promoted by the Center for Internet Security (CIS) that organizations use to secure their information assets — systems, data, and more. The CIS Controls are one of two components of the CIS Best Security Practices; the other component is the CIS Benchmarks (covered later in this document).

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

7 sections
  1. 1 Table of Contents
  2. 2 Module 1: Understanding the CIS Controls
  3. 3 Module 2: Planning Your CIS Implementation
  4. 4 Module 3: Implementing the CIS Controls
  5. 5 Module 4: Maintaining and Assessing the CIS Controls
  6. 6 Module 5: Case Study — Implementing the CIS Controls at Globomantics
  7. 7 Summary

More Governance, Risk & Compliance courses

View all 12

Interested in this course?

Contact us to book it or get a custom training plan for your team.