CIS Gap & Risk Assessment

The Center for Internet Security (CIS) Critical Security Controls (CSC) form a general security framework that makes it possible to perform a CIS Gap & Risk Assessment for your organization. The CIS Controls can help your organization build, mature, or grow its security program, and their requirements apply to any organization, regardless of size or industry. The controls come in three levels known as Implementation Groups (IGs): IG1 is more basic (56 safeguards), IG2 is moderate/moderate-high (130 safeguards), and IG3 is complex (153 safeguards). We’ll help you determine the best IG to start with and then build a plan to achieve the higher IGs appropriate for your organization.

CIS Controls Version 8 addresses 18 control groups, and our assessment will cover each of them as relevant to the IG level:

1. Inventory and Control of Enterprise Assets

2. Inventory and Control of Software Assets

3. Data Protection

4. Secure Configuration of Enterprise Assets and Software

5. Account Management

6. Access Control Management

7. Continuous Vulnerability Management

8. Audit Log Management

9. Email and Web Browser Protections

10. Malware Defenses

11. Data Recovery

12. Network Infrastructure Management

13. Network Monitoring and Defense

14. Security Awareness and Skills Training

15. Service Provider Management

16. Application Software Security

17. Incident Response Management

18. Penetration Testing

CIS Gap & Risk Assessment

A valuable assessment of your overall information security program against the 18 security controls in Version 8 of the CIS Controls.

Security is about the Journey, not a Destination