CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises

in #security3 years ago

I just came across a concise and possibly a useful security guide for small businesses to asses the overall security posture of their business. This advice equally applies to organisations of all sizes; however, given the complexity of large organisations the level of detail here would fall short. Moreover, large organisations require dedicated security staff but they also have the budget for that too. :-)

I suggest this as a possible starting point for small business and startups.

The guide

CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises (PDF)

The guide has been created by CIS (Center for Internet Security) who are a reputable name for providing guidance on system hardening. I refer to their notes in my professional job and believe that they provide reliable security information. The good thing is that there are some practical suggestions too.

The guide has 3 phases which lead you from figuring out what assets your organisation has to actually trying to secure them:

  • Know your environment
  • Protect your assets
  • Prepare your organization

As a first attempt at securing your organisation that's a reasonable way to begin.

Startup Security

The guide doesn't have a lot of depth but it is at least a starting point. It is something which is easy to read and could be quick to action. I think this is important as while there is a lot of enthusiasm in the blockchain space I suspect that security is still an after thought in many cases.

Startups will rely upon their founders enforcing security, assuming that they know enough in the first place, but I suspect that security will be left to each individually employee to figure out on their own. As you should expect, this is not great. Interestingly, while large organisations have a huge attack surface there is also a reasonable chance that they have a secure maturity operation (a chance, not a guarantee) while startups have a far smaller attack surface but are far more immature.

Hat Tip

I have to give a hat tip to a colleague and to a post on the SANS website that lead to the discover of this guide: forum post

Disclaimer: this is not the opinion of my employer.

Coin Marketplace

STEEM 0.21
TRX 0.02
SBD 1.02