CSW S1, E32 - Manage and Control Your User Accounts the Right Way

Fred Cobb – CISO and VP of Services, InfoSystems
Rob Ashcraft – Sr. Cyber Security Strategist

This episode of the Cybersecurity Weekly Podcast is Part 16 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:

Basic CIS Controls 1-6
Foundational CIS Controls
7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports, Protocols, and Services
10. Data Recovery Capability
11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the "Need to Know"
15. Wireless Access Control
16. Account Monitoring and Control

In this episode, Fred and Rob discuss the tenth Foundational CIS Control, Account Monitoring and Control. This control is used to actively manage and control user accounts, such as those of employees or contractors, from creation to deletion. Account Monitoring and Control is most impactful when a company has taken action against the first 15 CIS Controls (following the CIS Top 20 Cybersecurity Controls).

Inactive user accounts are one of the many ways cyber criminals exploit organizations. A user account is any account associated with a business process or business owner. These belong to employees and contractors. When an employee leaves or a partner portal is no longer needed, these accounts, if not deleted, become inactive and remain in the open with nobody managing them. This creates an open door for cyber criminals to misuse these accounts, and the misuse can go undetected because the account being exploited is a legitimate one.

There are simple steps you can take to create a more secure environment, such as requiring multi-factor authentication for all user accounts and disabling all accounts that are no longer associated with the business. While these steps help build a layered defense strategy, there is no "silver bullet" when it comes to security.

You can implement these CIS controls yourself, but it may cost you a substantial amount of time, money, and effort. There are cybersecurity experts who specialize in getting these controls set up for hundreds of organizations.

Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.

More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.

This episode discusses Control 16 of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.

See the break-down of these CIS Controls' Sub-Controls here.

Discover how other organizations are using these controls here.

Download the CIS Controls for more details on implementing this and the other 19 Controls here.