This episode is a detailed discussion between Guy Bavly (CEO) and Assaf Litai (CTO) of Actifile about the CIS (Center for Internet Security) controls framework.

Asaaf explains that CIS is a general-purpose security framework designed to help organizations improve their security stance, unlike specific frameworks for healthcare, DOD, or credit cards.

The discussion explores how MSPs can benefit from implementing CIS controls, with Assaf emphasizing that it provides a standardized approach to security implementation across customers.

He notes that while CIS isn't necessarily 'best-in-class,' it represents a 'best effort' approach that balances security needs with cost considerations.

The conversation also covers the relationship between CIS and privacy regulations like HIPAA and GDPR, practical implementation challenges, and how tools like Actifile can help meet CIS requirements, particularly in data security controls.