CIS Controls V7 Overview
CIS Controls v7 is the latest iteration of the Center for Internet Security’s standards to protect an organization from cybersecurity threats. They built the standard with these basic tenets in mind:
Offense informs defense
Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
Invest first in controls that will provide the greatest risk reduction and protection against the most dangerous threat actors - and that can be feasibly implemented in your computing environment.
Measurements and metrics
Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly.
Continuous diagnostics and mitigation
Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.
Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.