What is the CIS?
The Centre for Internet Security (CIS) is a non-profit organisation that develops and promotes best practices for cyber security. Founded in 2000, CIS is a global organisation with a mission to help organisations of all sizes improve their cyber security posture by providing free and readily available resources.
What CIS offers_
- CIS controls: CIS develops a set of prioritised cyber security controls known as the CIS Controls. These controls are a prioritised and actionable list of actions that can be implemented to mitigate the most common cyber threats. The CIS Controls are freely available and can be tailored to the specific needs of any organisation.
- Benchmarking and measurement: CIS offers tools and resources to help organisations benchmark their cyber security posture against the CIS Controls. This allows organisations to identify areas for improvement and track their progress over time.
- Educational resources: CIS provides a variety of educational resources, including webinars, white papers, and case studies, to help organisations learn about cyber security best practices.
Benefits of CIS resources_
- Improved cyber security posture: By implementing the CIS Controls and leveraging CIS resources, organisations can significantly reduce their risk of cyber attacks.
- Cost-effectiveness: The CIS controls and most CIS resources are freely available, making them accessible to organisations of all sizes and budgets.
- Data-driven approach: The CIS Controls are based on real-world data and best practices, ensuring their effectiveness in mitigating cyber threats.
Using CIS Controls_
The CIS Controls are designed to be adaptable and can be implemented in organisations around the world. Here are some ways organisations can benefit from CIS Controls:
- Alignment with NCSC guidance: The CIS Controls often align with recommendations from the National Cyber Security Centre (NCSC), the UK government’s cyber security agency. This can help organizations ensure they are following best practices specific to the UK cyber threat landscape.
- Demonstrating due diligence: Implementing CIS Controls can help organisations demonstrate to stakeholders, regulators, and clients that they are taking cyber security seriously.
By leveraging the CIS Controls and educational resources, organisations can take steps to improve their cyber security posture and better protect themselves from cyber threats.