Configuration Management

Conclusion: There are many frameworks available that can guide an organisation’s efforts to enhance its security capability. However, most are abstract and carry very little practical detail. Thus it can be difficult to establish how to implement the aims of a framework. This is a challenge to any organisation working towards minimising risk.

The Center for Internet Security (CIS) has been evolving the CIS controls for a decade or more. They are formulated in a way that makes them a superb tactical approach to cyber security. They do not subvert the available frameworks. Rather, they supplement most frameworks by filling in the details of what to do and how to do it.

Any organisation would do well to use the CIS controls as a measure of their current security stance.