Understanding the 2018 Updates to the CIS Critical Security Controls

  • Monday, 18 Jun 2018 10:30AM EDT (18 Jun 2018 14:30 UTC)
  • Speaker: James Tarala

Each year the Center for Internet Security releases updates to its control guidance based on the cyber threats and methods attackers are using to compromise information systems. In this presentation, James Tarala, one of the three technical editors for the CIS Critical Security Controls, will present a detailed explanation of the new updates to the controls released in March 2018.


Over the years, dozens of cyber-security standards have been created to catalog the ways organizations can defend themselves. Unfortunately, many of these standards lead to more confusion rather than providing specific technical defenses that can help stop advanced attacks. The CIS Controls are refreshed each year in light of observed threats and have been written to give organizations practical, step-by-step guidance on how to stop even the most advanced attackers. Controls are prioritized by threat actions and the risks associated with certain threat actions.


During this presentation the editors of the Controls will:

  • Explain the control definition updates to the CIS Critical Security Controls
  • Describe how government agencies and private sector firms are using the controls as a part of the defensive architecture
  • Visualize how the Controls are related to existing security standards and regulations
  • Provide attendees with specific metrics and measures that can be used to quantify the Controls
  • Demonstrate how the new quality management program can be used to quantify an organization's cyber-security maturity level