Implementing a cyber security framework can be difficult due to the lack of practical detail in most conceptual frameworks, making it challenging to minimise risk. The Center for Internet Security’s (CIS) controls provide a tactical approach to supplement and measure an organisation’s security stance.