Learning to walk before you run. A key basic skill we all learn as toddlers and surely enough it sticks with us as we progress to the more advanced activities on two legs: jogging, skipping, running, sprinting, etc.

So why is it that organizations forget how to walk?

At Cyber UK 2018, the NCSC (National Centre for Cyber Security) hosted the UK Government’s flagship event for Cyber Security. It attracted the key players in Government, Academia, and Industry, and offered unrivaled networking opportunities with like-minded professionals. With a comprehensive list of speakers and sessions (some of which I attended), I was pleased at the amount of emphasis given to reducing security risks in sessions and streams.

As I would advocate, reducing the attack surface can help reduce the risk of cyber threats, which is same advice given by the CIS (Center for Internet Security). They have 20 controls, and their basic top five themes and topics were coming up time and again last week:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configuration for Hardware and Software
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Privileges

The takeaway is this: With each business-critical asset in your organization, you should compare your existing security controls against the CIS Critical Security Controls.

Pinpoint exactly which sub-controls within those you already meet and those you do not. Then, based on identified gaps and specific business risks and concerns, take immediate steps to implement the Top 5 Controls and develop a strategic plan to implement the others.

Ivanti can help addresses the Top 5 and other CSC controls, aligning IT operations and security to better your cybersecurity needs, with a comprehensive, targeted portfolio of IT security solutions.

Why do the CIS list these as basic controls? It’s because these things are like walking. The basic core skills are necessary before embarking upon further complicated skills like sprinting.