The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October, 2000. Its mission is to "identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace". The organization is headquartered in East Greenbush, New York, with members including large corporations, government agencies, and academic institutions.
CIS employs a closed crowdsourcing model to identify and refine effective security measures, with individuals developing recommendations that are shared with the community for evaluation through a consensus decision-making process. At the national and international level, CIS plays an important role in forming security policies and decisions by maintaining the CIS Controls and CIS Benchmarks, and hosting the Multi-State Information Sharing and Analysis Center (MS-ISAC).
CIS has several program areas, including MS-ISAC, CIS Controls, CIS Benchmarks, CIS Communities, and CIS CyberMarket. Through these program areas, CIS works with a wide range of entities, including those in academia, the government, and both the private sector and general public to increase their online security by providing them with products and services that improve security efficiency and effectiveness.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a "round-the-clock cyber threat monitoring and mitigation center for state and local governments" operated by CIS as a partnership with the Office of Cybersecurity and Communications in the United States Department of Homeland Security (DHS). MS-ISAC was established in late 2002, and officially launched in January 2003, by William F. Pelgrin, then Chief Security Officer of the state of New York. Beginning from a small group of participating states in the Northeast, MS-ISAC came to include all 50 U.S. States and the District of Columbia, as well as U.S. Territorial, Tribal, and Local governments. In order to facilitate its expanding scope, in late 2010 MS-ISAC "transitioned into a not-for-profit status under the auspices of the Center for Internet Security", a transition facilitated by CIS having "an established reputation for providing cybersecurity resources to the public and private sectors".
MS-ISAC "helps government agencies combat cyberthreats and works closely with federal law enforcement", and is designated by DHS as a key cyber security resource for the nation's State, Local, Territorial, and Tribal (SLTT) governments. The MS-ISAC 24x7 cyber security operations center performs network monitoring, issues early cyber threat warnings and advisories, and performs vulnerability identification and mitigation as well as incident response.
The main objectives of MS-ISAC are described as follows:
CIS Controls and CIS Benchmarks provide global standards for internet security, and are a recognized global standard and best practices for securing IT systems and data against attacks. CIS maintains "The CIS Controls", a popular set of 20 security controls "which map to many compliance standards", and are applicable to the Internet of things. Through an independent consensus process, CIS Benchmarks provide frameworks to help organizations bolster their security. CIS offers a variety of free resources, which include "secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications".
The CIS Controls advocate "a defense-in-depth model to help prevent and detect malware". A May 2017 study showed that "on average, organizations fail 55% of compliance checks established by the Center for Internet Security", with more than half of these violations being high severity issues. In March 2015, CIS launched CIS Hardened Images for Amazon Web Services, in response to "a growing concern surrounding the data safety of information housed on virtual servers in the cloud". The resources were made available as Amazon Machine Images, for six "CIS benchmarks-hardened systems", including Microsoft Windows, Linux and Ubuntu, with additional images and cloud providers added later. CIS released Companion Guides to CIS Controls, recommendations for actions to counter cybersecurity attacks, with new guides having been released in October and December 2015.
CIS Benchmarks are a collaboration of the Consensus Community and CIS SecureSuite members (a class of CIS members with access to additional sets of tools and resources). The Consensus Community is made up of experts in the field of IT security who use their knowledge and experience to help the global Internet community. CIS SecureSuite members are made up of several different types of companies ranging in size, including government agencies, colleges and universities, nonprofits, IT auditors and consultants, security software vendors and other organizations. CIS Benchmarks and other tools that CIS provides at no cost allow IT workers to create reports that compares their system security to universal consensus standard. This fosters a new structure for internet security that everyone is accountable for that is shared by top executives, technology professionals and other internet users throughout the globe. Further, CIS provides internet security tools with a scoring feature that rates the configuration security of the system at hand. For example, CIS provides SecureSuite members with access to CIS-CAT Pro, a "cross-platform Java app" which scans target systems and "produces a report comparing your settings to the published benchmarks". This is intended to encourage and motivate users to improve the scores given by the software, which bolsters the security of their internet and systems. The universal consensus standard that CIS employs draws upon and uses the accumulated knowledge of skillful technology professionals. Since internet security professionals volunteer in contributing to this consensus, this reduces costs for CIS and makes it cost effective.
CIS CyberMarket is a "collaborative purchasing program that serves U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, nonprofit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement". The intent of the CIS CyberMarket is to combine the purchasing power of governmental and nonprofit sectors to help participants improve their cybersecurity condition at a lower cost than they would have been able to attain on their own. The program assists with the "time intensive, costly, complex, and daunting" task of maintaining cybersecurity by working with the public and private sectors to bring their partners cost-effective tools and services. The combined purchasing opportunities are reviewed by domain experts.
There are three main objectives of the CIS CyberMarket:
CIS CyberMarket, like the MS-ISAC, serves government entities and non-profits in achieving greater cyber security. On its "resources" page, multiple newsletters and documents are available free of charge, including the "Cybersecurity Handbook for Cities and Counties".
CIS Communities are "a volunteer, global community of IT professionals" who "continuously refine and verify" CIS best practices and cybersecurity tools. To develop and structure its benchmarks, CIS uses a strategy in which members of the organization first form into teams. These teams then each collect suggestions, advice, official work and recommendations from a few participating organizations. Then, the teams analyze their data and information to determine what the most vital configuration settings are that would improve internet system security the most in as many work settings as possible. Each member of a team constantly works with their teammates and critically analyzes and critiques a rough draft until a consensus forms among the team. Before the benchmark is released to the general public, they are available for download and testing among the community. After reviewing all of the feedback from testing and making any necessary adjustments or changes, the final benchmark and other relevant security tools are made available to the public for download through the CIS website. This process is so extensive and is so carefully executed that thousands of security professionals across the globe participate in it. According to ISACA, "during the development of the CIS Benchmark for Sun Microsystems Solaris, more than 2,500 users downloaded the benchmark and monitoring tools."
The organizations that participated in the founding of CIS in October, 2000 include ISACA, the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the International Information Systems Security Certification Consortium (ISC2) and the SANS Institute (System Administration, Networking and Security). CIS has since grown to have hundreds of members with varying degrees of membership, and cooperates and works with a variety of organizations and members at both the national and international levels. Some of these organizations include those in both the public and private sectors, government, ISACs and law enforcement.
See more here:
Center for Internet Security - Wikipedia
- Cyber Security & Network Security Services - Internet ... - February 18th, 2020
- Google Announced US$1 Million for its Be Internet Awesome Initiative - CISO MAG - February 18th, 2020
- Internet security Market Analysis With Key Players, Applications, Trends and Forecast To 2026 - Instant Tech News - February 18th, 2020
- Cybersecurity Level in the Middle East: An Overview of the Cybersecurity Market State - SCOOP EMPIRE - February 18th, 2020
- Quantum internet: the next global network is already being laid - The Conversation UK - February 18th, 2020
- IC3.gov 2019 Internet Crime Report: Its All About that BEC - Security Boulevard - February 18th, 2020
- Sophos Cloud Optix breakthrough IAM visualization is here - Naked Security - February 18th, 2020
- Stay Safe, Secure And Anonymous Online with The Doe - London Post - February 18th, 2020
- Industry Insight: The CCPAs Elusive Reasonable Security Safe Harbor - JD Supra - February 18th, 2020
- WISeKey Drives Innovations in IoT Security with 23 Strategic Patents in the U.S. - GlobeNewswire - February 18th, 2020
- IT Security Consulting Services Market Size, Share, Types, Growth Strategies, Interactive Components, Key Companies Overview and Forecast Outlook by... - February 18th, 2020
- Market Size of Internet of Things (IoT) Security Product , Forecast Report 2019-2026 - Redhill Local Councillors - February 18th, 2020
- Internet of Things (IoT) Security Market Projected To Witness Vigorous Expansion By 2026 - Instant Tech News - February 18th, 2020
- 40% respondents ready to share personal details on dating apps without meeting person - The News Minute - February 18th, 2020
- How to protect your personal information online during tax season - CTV News - February 18th, 2020
- It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet - The... - February 18th, 2020
- Security of online voting questioned | News, Sports, Jobs - The Daily Times - February 16th, 2020
- This may be the last piece I write: prominent Xi critic has internet cut after house arrest - The Guardian - February 16th, 2020
- An Alternative to Windows 7 - Budapest Business Journal - February 16th, 2020
- North Koreas Internet Use Surges, Thwarting Sanctions and Fueling Theft - The Indian Express - February 16th, 2020
- Microsoft Patch Tuesday fixes IE zeroday and 98 other flaws - We Live Security - February 16th, 2020
- 'More guidance and regulation': Zuckerberg requests government rules on 'what discourse should be allowed' - Washington Examiner - February 16th, 2020
- Internet of Things (IoT) Security Product Market: Development Factors and Investment Analysis by Leading Manufacturers 2018 2026 - TechNews.mobi - February 16th, 2020
- Our personal health history is too valuable to be harvested by the tech giants - The Guardian - February 16th, 2020
- Cyber Security Today The latest FBI Internet crime report, adware on the rise, attacks on Wi-Fi and more - IT World Canada - February 15th, 2020
- Indias proposed internet regulations can threaten privacy everywhere - The News International - February 15th, 2020
- Antivirus Is Not Enough in 2020: Here is Why - laprogressive.com - February 15th, 2020
- FBI: Cybercrime losses tripled over the last 5 years - We Live Security - February 15th, 2020
- AIoT Convergence of Artificial Intelligence with the Internet of Things - EnterpriseTalk - February 15th, 2020
- Indias proposed internet regulations could threaten privacy everywhere - The Verge - February 15th, 2020
- Global Internet of Things (IoT) Security Market Key Players, Share, Trend, Segmentation and Forecast to 2026: Cisco Systems, Intel Corporation, IBM... - February 15th, 2020
- Romance scammers stole $475m last year. Here's how to spot them - Verdict - February 15th, 2020
- Safer Internet Day 2020 Together for a better internet - Security Boulevard - February 14th, 2020
- Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony no, not a hacker attack, but because they can't open a safe - The... - February 14th, 2020
- Here's how to avoid becoming a victim of a tax scam - AZ Big Media - February 14th, 2020
- Will Weak Passwords Doom the Internet of Things (IoT)? - Security Intelligence - February 14th, 2020
- Bithumb Employee Found Guilty of Security Failings that Led to Hack - Cryptonews - February 14th, 2020
- Will your vote count? Ohio working to increase election security - WHIO - February 14th, 2020
- Perimeter 81 Introduces SASE Platform This latest offer is based on a partnership with investor and - Channel Futures - February 14th, 2020
- NHS Secure Boundary the next layer of cyber protection for the NHS - Digital Health - February 14th, 2020
- Global Internet of Things (IoT) Security Market Segmentation along with Regional Outlook, Competitive Strategies, Factors Contributing to Growth and... - February 14th, 2020
- North Koreas Internet Use Surges, Thwarting Sanctions and Fueling Theft - The New York Times - February 14th, 2020
- TechForce Aberdeen event to kick off Cyber Scotland Week - The Scotsman - February 14th, 2020
- Security Strategy: Moving Away From Tried and True - Security Boulevard - February 5th, 2020
- Internet Security Software Market investigated in the latest research - WhaTech Technology and Markets News - February 5th, 2020
- What Is Log Management, and Why Is It Important? - Security Boulevard - February 5th, 2020
- Latest Released 2020 Version Of Internet Security Market With Market Data Tables, Graphs, Figures and Pie Chat - TheLoop21 - February 5th, 2020
- Booter Boss Busted By Bacon Pizza Buy - Krebs on Security - February 5th, 2020
- Yet another Windows 10 fail as new update breaks the internet - heres how to fix it - TechRadar India - February 5th, 2020
- 'Formjacking' Is the New Internet Scam We Need to Watch Out For - q985online.com - February 5th, 2020
- Kiwis think benefits of the internet outweigh the negatives - SecurityBrief New Zealand - February 5th, 2020
- GAO: DHS and Agencies Must Work to Improve Cybersecurity - HSToday - February 5th, 2020
- Government to strengthen security of internet-connected products - GOV.UK - January 31st, 2020
- DigiCert Leads Initiative to Enhance EV SSL Certificates - Security Boulevard - January 31st, 2020
- eScan Internet Security Suite - Download - January 30th, 2020
- Internet Security - January 30th, 2020
- Best malware removal software of 2020: free and paid anti-malware tools and services - TechRadar - January 30th, 2020
- Government to strengthen security of internet-connected products - SecurityNewsDesk - January 30th, 2020
- IoT security: Your smart devices must have these three features to be secure - ZDNet - January 30th, 2020
- Millions of Wawa customers data breached selling on dark web - wobm.com - January 30th, 2020
- DigiCert CEO: Focus Security and Privacy on the Person - Infosecurity Magazine - January 30th, 2020
- CounterAct Cybersecurity Group Launches End-to-End Approach to Help MSPs Protect Their Businesses and Customers from Information Security Threats -... - January 30th, 2020
- The US Space Force Has a Rough Launch on the Internet - WIRED - January 30th, 2020
- Startup MGZN The only Arab company on eSecurity Planet's Top 18 Cybersecurity Startups 2020 is this one! - Startup MGZN - January 30th, 2020
- Bitdefender wants to protect your device for just over 7 dollars, but there's a catch - TechRadar - January 26th, 2020
- How scammers take advantage of stressed-out taxpayers - The Guardian - January 26th, 2020
- Here's the Top Cyber-Security Software You Need To Consider Downloading For 2020 - Grit Daily - January 26th, 2020
- Limited internet to be restored in Kashmir, no access to social media - Reuters - January 26th, 2020
- Analyzing AppFolio (NASDAQ:APPF) and Cyren (NASDAQ:CYRN) - Riverton Roll - January 26th, 2020
- The Rise of the Internet of Things | 2020-01-20 - Security Magazine - January 25th, 2020
- Protecting Websites from Magecart and Other In-Browser Threats - Security Boulevard - January 25th, 2020
- Off-campus wireless internet security on par with University - Kent Wired - January 25th, 2020
- Jeff Bezos Phone Hack Should Terrify Everyone - The New York Times - January 25th, 2020
- Limited internet to be restored in Kashmir, no access to social media - WSAU News - January 25th, 2020
- Cyber Security Today Kids clothes site hacked, a new phony email extortion scam and be careful with Internet Explorer - IT World Canada - January 25th, 2020
- Experts write to government on cyber fixes - Economic Times - January 25th, 2020
- Internet Security Software Market by Types, Applications, Countries and Forecasts to 2026 - Vital News 24 - January 24th, 2020
- An Open Source Effort to Encrypt the Internet of Things - WIRED - January 24th, 2020
- Local News Role of the internet in human trafficking to be highlighted at summit in SLO - KSBY San Luis Obispo News - January 24th, 2020
- Global Internet of Things (IoT) Security Market | By Component,By Type,By Application Area Dagoretti News - Dagoretti News - January 24th, 2020