18 Top Security Controls that every Business Should be Doing

Geek Speak

In May of 2021 the Center for Internet Security (CIS) released the 8th iteration of the CIS Critical Controls. The previous version had 20 controls aimed at best practices to assist in defense; these were reorganized into 18 controls, with more of a focus on cloud services. This framework set up by the CIS affects everyone from home users to organizations and even the government, and has been set up in an effort to provide a safe and reliable standard of protection for IT systems from cyber threats. Watch as Alex Fields goes over the importance of cybersecurity and how the free CIS resources can help you.

 


 

Video Transcription

Harry Brelsford 0:05
Hey Nation Nation, back with Alex Fields. And Alex, appreciate during rehearsal, you were kind of sharing on the family side, you're going to migrate around the country and enjoy some drive time. Congratulations, that sounds like that. That sounds fun. But we're not here for fun. No siree, we're here to talk CIS, some changes. What is CIS? What's going on?

Alex Fields 0:34
So the Center for Internet Security, or the CIS, they have published a list of security controls. And I've had this for a long time, it's gone through many different revisions, they update it all the time. And most recently, they've updated to version eight of their control framework. And that particular revision is interesting, because they were taking into account the large shift towards cloud services. And so that was one of the big, you know, one of the big structural changes that took place was that they had to reorganize some of the controls, have actually added a new control that's specifically about managing service providers in the cloud. And so it's a, it's been a pretty interesting change that just took place recently, it was earlier in May. And so you know, at the time of this recording, it's early June. So still kind of digesting some of that. But it's, it's a really interesting set of changes to the framework. And it's a framework that I like to recommend for small businesses, I always have, because it's a very easy framework for them to digest. A lot of small businesses, as you know, they just don't have the same resources that like an enterprise does work. And when enterprises are looking at cybersecurity, they're usually trying to implement something like the NIST cybersecurity framework. It's a really popular framework template, but there's like 150 controls in the NIST framework, it's a lot of, it's a lot to digest. And the CIS has done, you know, an amazing service, I think, to the community. And they basically said, like, let's try to distill that into a simplified list of controls. And so the latest framework only contains 18 controls. So there are only 18, you know, things that you have to kind of look at and consider for your business, like, are we doing this, you know, are there some things, there's some, there's some holes here that we can fill, and it gives you some really good practical guidance, as well as, you know, just kind of an intellectual framework by which to understand like, why are we doing these things.
And so, if you are a service provider, if you are a consultant who works with small businesses, I highly recommend just taking a little bit of time, just going and getting the CIS controls there. It's free, it's a free resource that they provide. So you can just go to cisecurity.org, and get the controls there, and we can include a link for that in the show notes, but it will basically just walk you through the 18 top security controls that every business should be doing, regardless of what industry they're in, regardless of their size. And so if you're not held to specific compliance requirements, or you don't know where else to start, this is a really good place to start. And so yeah, I'd highly recommend checking that out.

Harry Brelsford 3:00
Well, no, I appreciate it. You always daze and amaze me, man. My job is to keep up with you. Okay. And make sure I can ask relevant questions. Um, with that said, shout out to your community site, what's the URL where people can get to know you a little better?

Alex Fields 3:19
Itpromentor.com

Harry Brelsford 3:21
Yep. All right. Itpromentor.com. Thank you, man.