Monday, July 18, 2016

Effective Cyber Defense System

The five critical tenets of an effective cyber defense system as reflected in the CIS Critical Security Controls are:

Offense informs defense

Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.

Prioritization

Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.

Metrics

Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustmens can be identified and implemented quickly.

Continuous diagnostics and mitigation

Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.

Automation

Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.