Fred Cobb – CISO and VP of Services, InfoSystems
Tim Morton – Technical Team Lead of Engineering Services, InfoSystems
This episode of the Cybersecurity Weekly Podcast is Part 13 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:
Basic CIS Controls 1-6
Foundational CIS Controls
7) Email and Web Browser Protections
8) Malware Defenses
9) Limitation and Control of Network Ports, Protocols, and Services
10) Data Recovery Capability
11) Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
12) Boundary Defense
13) Data Protection
In this episode, Fred and Tim discuss how you can protect your data. Data protection is the seventh Foundational CIS Control and is used to prevent your data from being exploited, lessen the effects if it is exploited, and ensure your sensitive information is kept intact. Data Protection is most impactful when a company has taken action against the first 12 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
Your data is everywhere and it's everything. This makes it especially vulnerable to attackers. This is why it's so important that you know how to protect your sensitive data. It all starts with a combination of protective measures: encryption, integrity, prevention, and data loss techniques.
One such protective measure involves classifying your data into levels of sensitivity, in other words, documenting what data is sensitive and what data is not. Sensitive data can be anything from banking information or Social Security numbers to chef recipes, blueprints, and genetic information. Data that isn't classified as sensitive could be as simple as pictures from a company picnic outing. Knowing how to classify and focus on the right data means you won't be wasting time or energy.
Another protective measure you can take involves focusing on the cloud solutions your corporation uses. Are they secure? How many cloud solutions do you and your employees use? It's common for corporations to have a large number of cloud solutions in use without being aware of it. This leaves doors unnecessarily open to attackers.
This episode covers a handful of simple steps you can take and programs you can use to assist in protecting your data.
Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.
You can implement these controls yourself, but it may cost you a substantial amount of time, money, and effort. There are cybersecurity experts who specialize in getting these controls set up for hundreds of organizations.
More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email firstname.lastname@example.org.
This episode discusses Control 13 of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.
See the break-down of these CIS Controls' Sub-Controls here.
Discover how other organizations are using these controls here.