Center for Internet Security
How configuration assessments help improve cyber defenses
There’s an old adage in business; if you’re not measuring something, you can’t manage it. These days, information technology (IT) and information security …
3 key elements of a strong cybersecurity program
The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for …
Foundational cloud security with CIS Benchmarks
Cloud service providers (CSPs) have changed the way organizations of all sizes architect and deploy their IT environments. CSPs now make it possible for organizations to …
CIS Benchmarks communities: Where configurations meet consensus
Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. That’s not the …
Secure cloud products and services with new CIS Benchmarks
The cloud continues to expand with new products and services constantly introduced by cloud service providers (CSPs). The Center for Internet Security (CIS) responded with …
The CIS Benchmarks community consensus process
The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS …
How to automate configuration review
Configuration management can be challenging. IT teams can become overwhelmed between various standards, compliance requirements, and security options. As the popularity of …
How to implement secure configurations more quickly
Secure configurations are a key best practice for limiting an organization’s cyber vulnerabilities. Since systems don’t ship securely, it’s important to review and implement …
The 5 Ws for building a strong cybersecurity plan
Creating a cybersecurity plan is the first step in starting secure and staying secure. Consider this when planning a budget, getting support from staff, and creating company …
Elastic acquires build.security to enforce security actions for cloud native environments
Elastic announced that it has entered into a definitive agreement to acquire build.security, a policy definition and enforcement platform that leverages the open source …
IBM provides Kestrel, a threat hunting tool, to Open Cybersecurity Alliance
Open Cybersecurity Alliance (OCA) announced it has accepted IBM’s contribution of Kestrel, an open-source programming language for threat hunting that is used by Security …
Panaseer unveils cyber measurement guidance to help avoid incidents
Panaseer announces guidance on best practice cybersecurity measurements to help avoid incidents. Currently, there is limited industry guidance around the most important …