Managing Information Security Risk with CIS Controls

  • Wednesday, 01 Nov 2023 10:00AM EDT (01 Nov 2023 14:00 UTC)
  • Speaker: Brian Ventura

The Information Security industry has a large variety of solutions to stop attackers in their tracks! Vendors claim to have tools to address every type of attack, and solutions that are silver bullets against all attackers. The current trends say machine learning and AI will solve our latest problems. Yet year over year, more attacks succeed and become more damaging as organizations continue to rely on technology to run the business. Organizations that follow industry trends can accumulate interesting technologies designed to stop and alert on adversaries. These solutions are powerful and even cutting-edge, yet the adversary finds a way around or through.

CIS Controls are a different approach, starting with the actual attacks occurring today and in the future. CIS Controls provide a threat-focused prioritization to build a strong information security foundation and reduce business risks. CIS Controls align with existing trends and security focus areas such as Zero Trust, Automation and Orchestration, and the use of Machine Learning and Artificial Intelligence. The controls add a layer of measurement and metrics that gives the business information about its information security risk.


  • Prioritize defenses based on the CIS Controls to address the most common and damaging attacks
  • Measure control effectiveness to report back to business lines based on real-world threats
  • Map controls between compliance, regulation and framework requirements
  • Understand the CIS Controls and their effectiveness against MITRE ATT&CK techniques leveraging CDM
  • Identify how to map controls between compliance, regulation and security frameworks leveraging CIS Navigator
    • Utilize CIS tools to measure the security program, per-control
    • Track risks and prioritize mitigation leveraging CIS-RAM

The content from this webcast supports SEC566: Implementing and Auditing CIS Controls.