How do I do a CIS IG1 cyber security assessment?

Written by Tai Chesselet | Apr 17, 2023 11:48:10 AM

Doing a CIS IG1 non-technical cyber assessment.

Performing a CIS IG1 cyber security assessment involves evaluating an organization's current cybersecurity posture against the CIS Controls version 8.0 (formerly known as CIS Controls v7.1), which includes the eight "Hygiene Controls" outlined in the CIS IG1 framework. Here are some steps to follow when conducting a CIS IG1 cyber security assessment:

  1. Familiarize yourself with the CIS IG1 framework and the associated controls. Review the CIS Controls version 8.0 and understand the purpose and objectives of each of the eight Hygiene Controls.

  2. Identify the scope of the assessment. Determine which systems, applications, and networks are in scope for the assessment. This will help you understand the assets you need to assess and the scope of your evaluation.

  3. Review existing security policies and procedures. Evaluate existing security policies, procedures, and documentation to understand the level of security measures currently in place.

  4. Conduct a gap analysis. Compare the existing security measures to the requirements of the CIS IG1 framework. Identify gaps and weaknesses in the security posture, and prioritize them based on their potential impact and the effort required to remediate them.

  5. Assess the effectiveness of security controls. Evaluate the effectiveness of existing security controls by conducting vulnerability assessments, penetration testing, and other security assessments as needed.

  6. Develop a remediation plan. Develop a remediation plan to address the gaps and weaknesses identified during the assessment. Prioritize remediation efforts based on the risks identified during the assessment.

  7. Monitor and review the security posture. Monitor the security posture of the organization on an ongoing basis and make adjustments as needed. Regularly review and update security policies, procedures, and controls to ensure they remain effective.

By following these steps, you can conduct a thorough CIS IG1 cyber security assessment and identify areas for improvement in your organization's security posture.

CyberXposure offers CIS assessment with amazing analytics and remediation built in.