CIS Production site
- Guest Podcast: Why is Security Recruiting so Broken?by Danielle Koonce on October 21, 2021 at 6:11 pm
Cybersecurity recruiting challenges: is there truly a lack of applicants, or are employers looking in the wrong places? CIS Senior Vice President and Chief Evangelist Tony Sager joined Geoff Belknap, CISO for LinkedIn on the Defense in Depth podcast hosted by David Spark. Read on for notes on their discussion. Are Qualified Cybersecurity Candidates Falling The post Guest Podcast: Why is Security Recruiting so Broken? appeared first on CIS.
- NGINX + CIS Hardened Images = Security at Top Efficiencyby Mia LaVada on October 21, 2021 at 1:00 pm
Just under 25% of the internet’s busiest websites – including Dropbox, Netflix, and WordPress.com – served or proxied NGNIX in July 2021, according to Netcraft. But, how can organizations harden this popular open-source web server and their virtual machine images? The answer is CIS NGINX Hardened Images. At the Center for Internet Security (CIS), we The post NGINX + CIS Hardened Images = Security at Top Efficiency appeared first on CIS.
- Top 10 Malware September 2021by Danielle Koonce on October 20, 2021 at 5:01 pm
In September 2021, the MS-ISAC observed Jupyter’s return to the Top 10 Malware list. Additionally, ZLoader made its first appearance in the Top 10. ZLoader is a modular banking trojan, based off the open source code of ZeuS. Zloader uses web injection and keystroke logging to steal sensitive financial information. Additional abilities include being able The post Top 10 Malware September 2021 appeared first on CIS.
- Why Are Authentication and Authorization So Difficult?by chad.rogers on October 18, 2021 at 4:34 pm
Let’s say you’re tasked with selecting a strong authentication solution for your organization. Where do you begin? This blog is meant to be an introduction as well as provide links to additional resources. Most people assume passwords must be supported as a baseline since we’re so accustomed to using them. CIS has produced guidance on The post Why Are Authentication and Authorization So Difficult? appeared first on CIS.
- Enabling the Cooperative Cybersecurity Ecosystemby Danielle Koonce on October 15, 2021 at 2:35 pm
By Adam Montville The Center for Internet Security (CIS) has a mission to improve the actual practice of cyber defense, and we do this, in part, by ensuring that our best practice recommendations (in the form of CIS Benchmarks recommendations and CIS Controls Safeguards) track clear and transparent measures of security value for our users. The post Enabling the Cooperative Cybersecurity Ecosystem appeared first on CIS.
- Join CIS and MS-ISAC at Virtual 11th Annual Cyber Security Summitby chad.rogers on October 14, 2021 at 5:00 pm
The Center for Internet Security (CIS) and the Multi-State Sharing and Analysis Center (MS-ISAC) are proudly serving as partners for the Virtual 11th Annual Cyber Security Summit. This year’s event will take place virtually on Monday, October 25, through Wednesday, October 27. At CIS, our mission has always been to make the connected world a The post Join CIS and MS-ISAC at Virtual 11th Annual Cyber Security Summit appeared first on CIS.
- CIS Podcast Ep 17: Cybersecurity Awareness Month, It’s All About the Big Pictureby Danielle Koonce on October 13, 2021 at 5:22 pm
In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes Philippe Langlois of the Verizon Business Group and co-author of the Verizon Data Breach Investigations Report (DBIR). In celebration of Cybersecurity Awareness Month, the duo discuss the DBIR and version 2.0 of the CIS Critical Security Controls (CIS The post CIS Podcast Ep 17: Cybersecurity Awareness Month, It’s All About the Big Picture appeared first on CIS.
- Announcing CIS Endpoint Security Services for SLTTsby chad.rogers on October 13, 2021 at 11:00 am
U.S. State, Local, Tribal, and Territorial (SLTT) organizations face a stark challenge in mounting a proper cybersecurity defense against malicious actors whose attacks continue to increase in sophistication and volume. The trend toward persistent remote and hybrid work models further complicates an organization’s cybersecurity program, widening the attack surface as SLTT employees increasingly work from The post Announcing CIS Endpoint Security Services for SLTTs appeared first on CIS.
- [Halloween Infographic] Scary Cyber Threats and Sweet Solutionsby Danielle Koonce on October 12, 2021 at 1:16 pm
Do the words Zombiebots, Gh0st, Beast, and Creeper send shivers up your spine? They should. These are the names of top malware that could be haunting your programs and email right now! Building a cyber defense plan may seem scary. What is even scarier, is not having systems in place to protect against malware and The post [Halloween Infographic] Scary Cyber Threats and Sweet Solutions appeared first on CIS.
- What’s in a Name? CIS Critical Security Controlsby Danielle Koonce on October 7, 2021 at 1:04 pm
By Tony Sager, CIS Sr. Vice President and Chief Evangelist The conversation that eventually led to the CIS Critical Security Controls started with a series of observations and questions, and a simple idea. At the time, I was at the National Security Agency (NSA) leading a defensive organization dedicated to the discovery and analysis of The post What’s in a Name? CIS Critical Security Controls appeared first on CIS.