
19 May 2021

CIS Controls version 8 - Less is More


The Center for Internet Security (CIS) officially launched CIS Controls v8, which was enhanced to keep up with evolving technology (modern systems and software), evolving threats, and even the evolving workplace. The pandemic changed a lot of things, and it also prompted changes in the CIS Controls.

There are now 18 Controls, reduced from 20. These Controls are a prioritised set of Safeguards (formerly sub-controls) that mitigate the most prevalent cyber-attacks against systems and networks, and they now include Service Provider Management, an increasingly key area of cyber risk.

As before, there are 3 levels of implementation that an organisation can choose from, depending on the criticality of the information and processes. These are called Implementation Groups (IGs):

  • As a minimum standard of Information Security, organisations need to apply IG1 – “Basic Cyber hygiene”.
  • Organisations would choose IG2 if they store and process sensitive client or enterprise information and can withstand short interruptions of service.
  • If an organisation handles highly sensitive information or is heavily regulated, and where successful attacks can cause significant harm to the public welfare, IG3 would be the appropriate level.

Cybercraft offers expert cyber risk governance, management and assessment services. Take a look at our Cyber Risk Assessment solution and our Fractional Chief Information Security Officer service.
