by Heath Gieson As we continue our weekly journey through the CIS IG1 controls, each safeguard builds on the operational foundations we’ve been establishing from the very beginning of this series. Our early controls focused on visibility—knowing what assets exist,...
by Tim Marley Over the last few weeks, we have been building the foundation of a responsible data management program. In CIS Control 3.1, we talked about establishing a data management program and why organizations need a structured approach to governing their...
by Tim Marley Over the last few weeks, we have talked about knowing what data you have and who has access to it. CIS Control 3.1 – We discussed the importance of creating a data management program. The importance of the overall program before breaking down key...
by Tim Marley We have spent the last two weeks in the CIS Controls series talking about data management and data inventory. Knowing what you are responsible for. Knowing where it lives and how it moves. This week, Control 3.3, is about deciding who gets to touch it....
by Heath Gieson It usually starts the same way. An alert comes in overnight. Maybe it is an email from a security vendor. Maybe it lands in a shared inbox. Maybe it shows up in a dashboard no one looks at until Monday morning. Someone flags it for review. Someone else...
by Tim Marley Last week we talked about data management at a high level. The operating model, the responsibility, the reality that organizations are...
by Tim Marley Over the course of my career, and particularly in the last five to ten years, the topic of data management comes up frequently....
Most organizations assume that corporate devices only run approved software. In reality, that assumption is often wrong. Users are inherently...
Most security conversations focus on what software exists in an environment. CIS Control 2.2 pushes the conversation one step further by asking a...
One of the themes we keep hitting in the CIS IG1 series is simple: you can’t protect what you don’t know you have. That’s true for hardware—and it’s...
When we kicked off this series with Control 1.1: Establish and Maintain a Detailed Enterprise Asset Inventory, we focused on the Identify security...
By Heath Gieson If you don’t know what you have, how can you protect it? That simple question is why the very first control in the Center for...
Cybersecurity leaders are facing a rapidly evolving threat landscape. According to CSO Online’s latest Security Priorities Study, CISOs (Chief...
By Heath Gieson What if I told you that the biggest challenges in your growing business most likely are not about money, talent, or even...
