401 Reading 4 - marsecguy/reading-notes-cyberops GitHub Wiki

CIS Standards

  1. What are three benefits of following CIS Benchmarks?

    • Regularly updated, step-by-step guidance for securing every area of the IT infrastructure
    • A flexible template for securely adopting new cloud services and for executing digital transformation strategies
    • Easy-to-deploy configurations for improved operational efficiency and sustainability
  2. What are the seven core categories of CIS Benchmarks?

    • Operating systems benchmarks
    • Server software benchmarks
    • Cloud provider benchmarks
    • Mobile device benchmarks
    • Network device benchmarks
    • Desktop software benchmarks
    • Multi-function print device benchmarks
  3. How would you convince your manager that applying CIS Benchmarks could fast-track your organization’s compliance?

    • I would start by making the business case that the work of creating a framework has already been done, saving me work hours of researching and developing my own system. I would also point out that, as an industry standard, potential clients will be looking for its application when selecting a vendor. Even if they aren't looking for it, using it and mentioning it when other bidders do not will give a competitive advantage. Finally, I would make the business continuity case: every single thing we can find and address through using this framework is one less thing that can potentially go wrong later and create production and service delays, and it avoids recovery costs.

Source: IBM