Home / Articles / Top 5 Controls for Securing your Environment

Top 5 Controls for Securing your Environment

October 18, 2019

Share:

Approximately 85% of cyberattacks can be prevented by implementing the Center for Internet Security (CIS) Top 5 Controls framework. The entire CIS Top 20 Controls framework helps organizations combat the most pervasive and dangerous cyberattacks, but the first five can help prevent a high percentage of those.

The CIS Top 5 Controls include the following:

  1. Inventory and Control of Hardware Assets

All hardware devices should be actively managed and tracked to ensure that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.

  • Utilize an active discovery tool
  • Use a passive asset discovery tool
  • Use DHCP logging to update asset inventory
  • Maintain detailed asset inventory
  • Maintain asset inventory information
  • Address unauthorized assets
  • Deploy port level access control
  • Utilize client certificates to authenticate hardware assets
  1. Inventory and Control of Software Assets

Same as hardware above – all software should be tracked, inventoried and managed so that only authorized users and authorized software can be installed and executed.

  • Maintain inventory of authorized software
  • Ensure software is supported by vendor
  • Utilize software inventory tools
  • Track software inventory information
  • Integrate software and hardware asset inventories
  • Address unapproved software
  • Utilize application whitelisting
  • Implement application whitelisting of libraries
  • Implement application whitelisting of scripts
  • Physically or logically segregate high-risk applications
  1. Continuous Vulnerability Management

Ongoing assessments and testing to identify vulnerabilities is very important to maintain secure systems. Any issues detected should be identified and remediated as soon as possible to reduce the window of potential risk.

  • Run automated vulnerability scanning tools
  • Perform authenticated vulnerability scanning
  • Protect dedicated assessment accounts
  • Deploy automated operating system patch management tools
  • Deploy automated software patch management tools
  • Compare back-to-back vulnerability scans
  • Utilize a risk-rating process
  1. Controlled Use of Administrative Privileges

The processes and tools used to track/control/prevent/correct the use, assignment and configuration of administrative privileges on computers, networks, and applications.

  • Maintain inventory of administrative accounts
  • Change default passwords
  • Ensure the use of dedicated administrative accounts
  • Use unique passwords
  • Use multi-factor authentication for all administrative access
  • Use dedicated workstations for all administrative tasks
  • Limit access to script tools
  • Log and alert on changes to administrative group membership
  • Log and alert on unsuccessful administrative account login
  1. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Establish, implement and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

  • Establish secure configurations
  • Maintain secure images
  • Securely store master images
  • Deploy system configuration management tools
  • Implement automated configuration monitoring systems

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a Clark Schaefer Hackett professional. Clark Schaefer Hackett will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.

Guidance

Related Articles

Article

2 Min Read

Navigating the New Data Privacy Landscape

Article

2 Min Read

Don’t Be a Victim of Construction Fraud

Article

2 Min Read

Infographic: 7 Reasons to increase Your Cybersecurity Budget

Article

2 Min Read

Infographic: 7 Common Behaviors That Make Your Company an Easy Target

Article

2 Min Read

CSH Announces New Shareholder and 2021 Promotions

Article

5 Min Read

4 Benefits of Custom Software Applications

Get in Touch.

What service are you looking for? We'll match you with an experienced advisor, who will help you find an effective and sustainable solution.
  • Hidden
  • This field is for validation purposes and should be left unchanged.