CIS Critical Security Controls Implementation Group 2

CIS Critical Security Controls Implementation Group 2

By Steve Gold
Posted in Security
On December 10, 2024

Well, that’s a wrap! Bryon Singh and I published a blog on all 56 cyber defense safeguards from CIS Critical Security Controls Implementation Group 1. These 56 safeguards are considered “essential cyber hygiene” for every organization. CIS recommends these safeguards as what every enterprise should apply to defend against the most common attacks.

Transitioning from CIS Controls IG1 to IG2

Building a strong foundation with CIS Controls Implementation Group 1 (IG1) is just the beginning of a cybersecurity journey. IG1 sets the stage, focusing on essential cyber hygiene to protect organizations from common threats. Now, as we shift gears towards Implementation Group 2 (IG2), we delve deeper into advanced safeguards, aimed at enhancing resilience against more sophisticated cyber threats.

IG1 Recap: A Solid Groundwork

In IG1, we concentrated on the fundamental 56 safeguards. These form the backbone of a robust cybersecurity strategy, emphasizing:

  • Basic asset inventory management
  • Secure configuration for hardware and software
  • Continuous vulnerability management
  • Controlled use of administrative privileges
  • Implementation of malware defenses

Stepping Up: Embracing IG2

With the groundwork laid, IG2 introduces 74 additional safeguards, broadening and deepening our security posture. IG2 encompasses more granular controls, focusing on:

  • Enhanced monitoring and analysis
  • Improved incident response capabilities
  • More robust data protection mechanisms
  • Advanced access control measures
  • Comprehensive risk assessment protocols

This provides not just an extension but an enrichment of our cybersecurity framework, propelling us from basic protective measures to a more proactive and resilient defense stance.

Why Transition Matters

The shift from IG1 to IG2 isn’t merely procedural; it reflects an organization’s commitment to adapt and advance in the face of evolving threats. By integrating IG2 safeguards, we ensure a more dynamic, responsive, and thorough approach to cybersecurity, capable of mitigating risks that are increasingly complex and targeted.

Conclusion

The journey from IG1 to IG2 is a testament to an organization’s growth and dedication to cybersecurity excellence. It’s about transforming from a basic defensive strategy to a more sophisticated, nuanced approach, ensuring that every aspect of the organization is shielded against the ever-changing landscape of cyber threats. Stay tuned as we explore each of these 74 new safeguards in detail.

Steve Gold

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.