Posted on Tuesday, February 6th, 2018 by Katharina Gerberding
The implementation of security controls generally requires a comprehensive strategy and an investment of time, resources, and money. Despite clear controls and descriptions, many organizations still struggle to achieve basic security. Today’s security professionals need to ensure that they can effectively analyze their investments and that the controls that they have in place are in fact reducing risk to a level that is acceptable to the organization. When it comes to implementing and evaluating the CIS controls for effective cyber defense, many organizations are at a loss of where to start because security is still not a major business decision.