The CIS Critical Security Controls for Effective Cyber Defense

Sevco Security Unveils New Channel Partner Program to Help Organizations of All Sizes Automate Discovery and Remediation of Security Gaps, Vulnerabilities, and Risks

Retrieved on: 
Thursday, November 2, 2023

Sevco Security , the cloud-native CAASM platform that delivers the industry’s most accurate, continuously updated IT asset inventory, today announced the launch of the Sevco Channel Partner Program, including an incentive-based program to reward channel partner representatives for driving new deals and evaluations with Sevco.

Key Points: 
  • Sevco Security , the cloud-native CAASM platform that delivers the industry’s most accurate, continuously updated IT asset inventory, today announced the launch of the Sevco Channel Partner Program, including an incentive-based program to reward channel partner representatives for driving new deals and evaluations with Sevco.
  • Sevco automates discovery and remediation of security gaps, vulnerabilities, and risks.
  • The Sevco Channel Partner SPIFF will run from November 1, 2023 until January 31, 2024 – all deal registrations must be submitted by January 31, 2024.
  • To learn more about the Sevco Channel Partner Program, contact [email protected] .

CRITICALSTART® Announces Risk Assessments for Enhanced Cybersecurity Visibility

Retrieved on: 
Thursday, August 10, 2023

Critical Start's Risk Assessment is also a fundamental component of the company's recently announced MCRR approach, which delivers organizations the highest reduction in cyber risk for every dollar invested.

Key Points: 
  • Critical Start's Risk Assessment is also a fundamental component of the company's recently announced MCRR approach, which delivers organizations the highest reduction in cyber risk for every dollar invested.
  • Critical Start's Risk Assessment is designed to provide organizations with a user-friendly tool for assessing their cybersecurity status, regardless of their current stage in the cybersecurity journey.
  • With two types of assessments available, users can opt for a quick start assessment to gain a high-level understanding of their risk profile, or a comprehensive risk assessment.
  • Manage cyber risk assessments conducted by third-party and self-assessments, compare to industry peer benchmarking, identify risk reduction priorities, and measure improvements over time.

New CompTIA Cybersecurity Trustmark aims to bring a positive shift in the overall organizational security culture of the MSP community

Retrieved on: 
Tuesday, March 14, 2023

CHICAGO, March 14, 2023 /PRNewswire/ -- A new organizational trustmark designed to help managed service providers (MSPs) and solution providers elevate their cybersecurity awareness and readiness was introduced today by CompTIA, the nonprofit association for the information technology (IT) industry and workforce.

Key Points: 
  • The CompTIA Cybersecurity Trustmark details a clear path for MSPs to achieve foundational cybersecurity hygiene, laying the groundwork for a functional security program within the organization.
  • "The goal of the CompTIA Cybersecurity Trustmark program is to raise awareness and understanding of cybersecurity throughout an MSP organization," said Wayne Selk, vice president for cybersecurity programs at CompTIA and executive director of the CompTIA ISAO.
  • "We believe the trustmark will help MSPs bring about a positive shift in their overall security culture and have a positive impact on their risk posture."
  • The new trustmark, a successor to the previous CompTIA Security+ Trustmark, launches with the "clear understanding there is more to do for the MSP community," Selk acknowledged.

RealCISO Announces Partnership with Center for Internet Security (CIS) and Institute for Security and Technology (IST)'s Blueprint for Ransomware Defense Working Group

Retrieved on: 
Wednesday, November 16, 2022

BOSTON, Nov. 16, 2022 /PRNewswire-PRWeb/ -- RealCISO, a powerful software platform that enables organizations to evaluate and strengthen their security posture and reduce cyber risk, today announced a partnership with the Center for Internet Security (CIS) and the Institute for Security and Technology (IST) through the Blueprint for Ransomware Defense Working Group to provide customers with an easy and clear ability to create an action plan for ransomware mitigation, response, and recovery for small- and medium-sized enterprises.

Key Points: 
  • This partnership allows those businesses to better understand their cybersecurity posture and implement solutions that close gaps."
  • Within the original Ransomware Task Force, Action 3.1.1 called for the cybersecurity community to "develop a clear, actionable framework for ransomware mitigation, response, and recovery."
  • As a result, the Blueprint for Ransomware Defense Working Group developed a Blueprint comprised of a curated subset of essential cyber hygiene Safeguards from the CIS Critical Security Controls (CIS Controls) v8.
  • The Institute for Security and Technology (IST) designs and advances solutions to the world's toughest emerging security threats.

New MS-ISAC Report Details Cybersecurity Challenges of K-12 Schools

Retrieved on: 
Monday, November 14, 2022

EAST GREENBUSH, N.Y., Nov. 14, 2022 /PRNewswire/ --The Multi-State Information Sharing and Analysis Center (MS-ISAC), part of the Center for Internet Security (CIS), released a new report Monday detailing the cybersecurity challenges faced by K-12 schools along with steps they can take to improve their cyber defenses.

Key Points: 
  • EAST GREENBUSH, N.Y., Nov. 14, 2022 /PRNewswire/ --The Multi-State Information Sharing and Analysis Center (MS-ISAC), part of the Center for Internet Security (CIS), released a new report Monday detailing the cybersecurity challenges faced by K-12 schools along with steps they can take to improve their cyber defenses.
  • The K-12 Report uncovers findings on cybersecurity preparedness and threats from the 2021 Nationwide Cybersecurity Review (NCSR), along with the MS-ISAC's robust database of threat intelligence, service data, and feedback from its more than 3500 members, from among K-12 schools and districts.
  • The K-12 sector is improving its cybersecurity capabilities over time, but lags behind other sectors in terms of cybersecurity program maturity.
  • With the release of the report, the MS-ISAC hopes to drive further cyber improvements across the K-12 community, while highlighting no-cost cybersecurity resources available to MS-ISAC member schools and districts.

Aqua Security Collaborates with CIS to Create the First Guide for Software Supply Chain Security

Retrieved on: 
Wednesday, June 22, 2022

Although threats to the software supply chain continue to increase, studies show that security across development environments remains low.

Key Points: 
  • Although threats to the software supply chain continue to increase, studies show that security across development environments remains low.
  • CIS intends to expand this guidance into more specific CIS Benchmarks to create consistent security recommendations across platforms.
  • By publishing the CIS Software Supply Chain Security Guide, CIS and Aqua Security hope to build a vibrant community interested in developing the platform-specific Benchmark guidance to come, said Phil White, Benchmarks Development Team Manager for CIS.
  • To learn more about the CIS Software Supply Chain Security Guide, visit the CIS WorkBench .

SteelCloud Software Deployed to Secure Critical OT Infrastructure at Major Energy Company

Retrieved on: 
Wednesday, March 2, 2022

ASHBURN, Va., March 2, 2022 /PRNewswire/ -- SteelCloud LLC, a leading STIG and CIS compliance automation software developer, announced today its ConfigOS technology has been licensed to a major U.S. energy company to secure Operational Technology (OT) assets.

Key Points: 
  • ASHBURN, Va., March 2, 2022 /PRNewswire/ -- SteelCloud LLC, a leading STIG and CIS compliance automation software developer, announced today its ConfigOS technology has been licensed to a major U.S. energy company to secure Operational Technology (OT) assets.
  • SteelCloud's software will be used to harden OT endpoints using the Center for Internet Security (CIS) industry-standard for system-level controls.
  • The ConfigOS agent-less architecture provides unique benefits to OT operators because it performs its cyber work without the need to load software on OT assets.
  • "With the most recent attacks and the guidance provided by CISA and NIST, critical infrastructure organizations are beginning to increase their focus on improving OT security, said Brian Hajost, SteelCloud Chief Operating Officer.

Ivanhoe Mines Provides 2022 Production and Cost Guidance for Kamoa-Kakula Copper Complex

Retrieved on: 
Monday, January 10, 2022

The guidance range for cash costs (C1) per pound of payable copper in 2022 is between $1.20 and $1.40 per pound of payable copper.

Key Points: 
  • The guidance range for cash costs (C1) per pound of payable copper in 2022 is between $1.20 and $1.40 per pound of payable copper.
  • Kamoa Copper expects to begin operations at the Phase 2 concentrator plant in Q2 2022.
  • Production and cost guidance assumes the Phase 2 concentrator plant will commence copper production in Q2 2022 and that ramp-up will be in line with what was achieved with Phase 1.
  • Based on independent benchmarking, the project's phased expansion scenario to 19 Mtpa would position Kamoa-Kakula as the world's second-largest copper mining complex, with peak annual copper production of more than 800,000 tonnes.

Zomentum Adds CIS Security Assessment to Sales Acceleration Platform

Retrieved on: 
Tuesday, November 30, 2021

IRVINE, Calif., Nov. 30, 2021 /PRNewswire-PRWeb/ -- Zomentum , creators of the first intelligent Sales Acceleration Platform built for the IT channel, announced today that it has added the industry-leading security assessment tool from the Center for Internet Security Inc. (CIS) into a growing library of IT assessment tools accessible within the Zomentum sales automation platform.

Key Points: 
  • IRVINE, Calif., Nov. 30, 2021 /PRNewswire-PRWeb/ -- Zomentum , creators of the first intelligent Sales Acceleration Platform built for the IT channel, announced today that it has added the industry-leading security assessment tool from the Center for Internet Security Inc. (CIS) into a growing library of IT assessment tools accessible within the Zomentum sales automation platform.
  • Access to the CIS U.S. security assessment tool from the Zomentum platform is available immediately.
  • Zomentum also plans to integrate the CIS assessment tool for U.K. Cybersecurity Infrastructure & Security Agency (CISA) Cyber Essentials .
  • "By adding the CIS security assessment to the Zomentum Sales Acceleration Platform, our IT channel customers no longer have to log into a separate security assessment tool, making it faster and easier to identify and monetize opportunities to deliver high-value cybersecurity services to their business clients."

Panaseer Selected as a CIS Development Partner

Retrieved on: 
Tuesday, November 9, 2021

In 2019 CIS took their first steps into recommending what metrics organisations should measure to assess their compliance with CIS controls, releasing 'version one' of the Controls Assessment Specification.

Key Points: 
  • In 2019 CIS took their first steps into recommending what metrics organisations should measure to assess their compliance with CIS controls, releasing 'version one' of the Controls Assessment Specification.
  • Developing the de facto automation platform for security measurement has been a strategic priority for Panaseer since its inception in 2014.
  • Leila Powell, Lead Data Scientist, Panaseer: 'We are thrilled to be selected as a development partner for CIS.
  • We are a community-driven nonprofit, responsible for the CIS Critical Security Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data.