Create a defense-in-depth strategy with actions you can take today.
Protect Your Organization from Digital Risks and Threats
Businesses are moving quickly to transform themselves digitally to meet market demands and customer expectations. At the same time, cyber risks and cyberthreats are growing exponentially in volume, velocity and viciousness. As you transform your business and IT systems, enable a mobile workforce and adopt more cloud services, the complexity of your business and network is growing, creating security gaps and risks that can be exploited.
To protect your organization, you need to identify the risks unique to your business, develop a prioritized strategy to mitigate those risks, and continually evolve your security program and technologies. It’s challenging to create and maintain a strong security posture with limited resources and increasingly skilled adversaries, but it’s critical to your future business success.
The path forward isn’t easy — but there is help. The Center for Internet Security (CIS) has developed a standardized approach and industry best practices that businesses can use to address their unique requirements and harden their security posture. Known as the CIS Critical Security Controls (CIS Controls), this approach represents the best collective thinking of IT experts across multiple industries on how to strengthen security at businesses of all sizes. OneNeck is leveraging the CIS Controls to help businesses like yours assess and meet your organization’s unique security needs.
Staying ahead of the latest security threats is a full-time job
At OneNeck, we understand your need to balance technological innovation with operational excellence. And we understand the importance of an unbiased and standardized way of assessing security preparedness. We can help you implement the controls that are right for your business and strengthen your security program — starting today.
We use the CIS Controls in our own business and to assess our services. The CIS Controls provide a prioritized set of actions that organizations can use to address their security needs. The controls also provide flexibility, so that you can adapt them to your business. These practical actions, which combine technical security and risk management, can help mitigate the most common attacks against systems and networks and reduce corporate risk. Collectively, they can help you take a defense-in-depth approach to building your security program.
OneNeck can help you assess risks, implement the controls, and evolve your security program on an ongoing basis. To help keep your business, customers, employees and data safe and secure in any market environment, we offer:
- Layered security protection for a multi-threat environment
- A blend of business and technology expertise
Identify Your CIS Implementation Group
Make the best use of your resources to mitigate risks
We use the CIS Implementation Group (IG) methodology to help you identify priorities and invest in the controls that will provide the greatest risk reduction for your specific circumstances. Each IG categorizes controls that have been identified as reasonable priorities for organizations with similar risk profiles and resources. This methodology cuts across the CIS Controls to identify those that will most effectively mitigate risks for each IG while taking into consideration any resource constraints.
“The biggest threat organizations face is not knowing where they are on the security spectrum and how they can improve. Fortunately, CIS Controls address that need.” – Andres Torrado, Security Architect, TDS
Start your assessment by identifying the IG that best fits your organization.
Implementation Group 1 (IG1): This group is for small to medium-sized businesses (SMBs). With limited or no IT and cybersecurity experts on staff, SMBs are most concerned with keeping their business running and avoiding unintended downtime. Confidential information is typically business, employee, or financial data that is unique to their organizations.
Implementation Group 2 (IG2): In this group, organizations are typically larger and have dedicated IT employees that support multiple departments with different risk profiles and regulatory compliance requirements. IG2 organizations store and use sensitive company and customer information, and data breaches could cause them significant harm.
Implementation Group 3 (IG3): This group is made up of large organizations that have robust IT and security teams with specialists who focus on different security issues and business needs. These organizations usually possess a wealth of sensitive data that may be subject to regulations across industries and geographies.
The CIS Controls are tailored to each IG’s expected data sensitivity and criticality, staff and contractor technical expertise, and resources that are available and dedicated toward cybersecurity activities.
In this e-book, we focus on IG1 and IG2, to help guide SMBs and larger organizations that need security support through the process of understanding and implementing CIS Controls.