The five critical tenets of an effective cyber defense system as reflected in the CIS Critical Security Controls are:
Offense informs defense
Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
Prioritization
Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.
Metrics
Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustmens can be identified and implemented quickly.
Continuous diagnostics and mitigation
Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.
Automation
Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.
Offense informs defense
Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
Prioritization
Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.
Metrics
Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustmens can be identified and implemented quickly.
Continuous diagnostics and mitigation
Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.
Automation
Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.
