Security News > 2024 > January > Prioritizing CIS Controls for effective cybersecurity across organizations

In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes.

The discussion also highlights the prioritization of key controls for inventory management, the use of metrics to measure implementation effectiveness and the adaptation of CIS Controls for different organizational scales.

What are the most common challenges organizations face when implementing CIS Controls, and how can they be addressed effectively?

For organizations starting with CIS Controls, which controls should they prioritize and why?

While the CIS doesn't recommend any particular order to implementing the controls, I would recommend starting with controls 1-3, which determine your hardware, software, and most importantly, your sensitive data inventories.

How do CIS Controls integrate with other cybersecurity frameworks and standards?

News URL

https://www.helpnetsecurity.com/2024/01/24/randy-marchany-virginia-tech-cis-controls-implementation/