Security Controls: The CIS Controls
security · controls · cis · governance · risk · compliance · networking · systems · globomantics · control · planning · areas · assessing · benchmarks · groups · implement · maintaining ·...
Security controls are measures or safeguards implemented to protect an organization's information assets — its systems, data, equipment, facilities, people, and processes — from harm, danger, or malicious activity. Before examining the CIS Controls specifically, it is useful to review the general vocabulary used to classify controls, since this vocabulary recurs throughout the CIS Controls framework.
These control functions can overlap. For example, a data backup could reasonably be classified as both a recovery control (it restores lost data) and a preventative control (it prevents permanent data loss). Rather than trying to force every control into a single, rigid function, treat these categories as descriptive labels that can apply in combination.
The CIS Controls are a comprehensive set of security controls promoted by the Center for Internet Security (CIS) that organizations use to secure their information assets — systems, data, and more. The CIS Controls are one of two components of the CIS Best Security Practices; the other component is the CIS Benchmarks (covered later in this document).
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
7 sections- 1 Table of Contents
- 2 Module 1: Understanding the CIS Controls
- 3 Module 2: Planning Your CIS Implementation
- 4 Module 3: Implementing the CIS Controls
- 5 Module 4: Maintaining and Assessing the CIS Controls
- 6 Module 5: Case Study — Implementing the CIS Controls at Globomantics
- 7 Summary
More Governance, Risk & Compliance courses
View all 12Governance, Security and GRC
governance · security · grc · risk · compliance · networking · systems · information · controls · impact · processes · program · regulatory.
Government Facilities: Specialized Engineering
government · facilities · specialized · engineering · governance · risk · compliance · networking · systems · security · controls · physical · assessing · dod · environmental · facility ·...
Information & Cyber Security: GRC and Risk Management
This course walked through a complete, practical approach to performing information and cybersecurity risk assessments across a business lifecycle, using a running cloud-migration case st...
Information Systems Operations and Business Resilience (ISACA CISA)
This domain — information systems operations and business resilience — is worth 26% of the CISA examination when combined with its companion operations-focused course. The business-resili...
Microsoft Security, Compliance and Identity Fundamentals
In IT, compliance is a set of digital security requirements and practices. Following compliance requirements helps ensure that a company's business processes are secure and that sensitive...
NIST Risk Management Framework (RMF)
The RMF is a process model consisting of seven clearly defined steps, each with specific associated activities. While it is often described sequentially, it is in fact an iterative model:...
Interested in this course?
Contact us to book it or get a custom training plan for your team.