Using the CIS20 security controls as a starting point for a security program (Part 2) - podcast episode cover

Using the CIS20 security controls as a starting point for a security program (Part 2)

SMB Cybercast
Jul 16, 201929 minEp. 7
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

For small and medium organizations, implementing a formal security program can see like a huge task. 

However, breaking this into small steps can help make that goal seem more attainable. 

The CIS 20 security controls is a framework that every SMB should begin implementing. Under CCPA, organizations that are following a proven framework, will be exempt from some of the litigation liabilities. CIS 20 is one of the frameworks that California attorney generals have accepted in the past. 

If you don't have a security program in place, your organization is like tacking the problem in an ad-hoc manner. Should an attack happen, being organized will give a much greater attempt of surviving. 

https://www.cisecurity.org/controls/cis-controls-list/

For the best experience, listen in Metacast app for iOS or Android