In episode 132 of Cybersecurity Where You Are, Sean Atkinson is joined by Valecia Stocchetti, Sr. Cybersecurity Engineer of the CIS Critical Security Controls (CIS Controls) at the Center for Internet Security® (CIS®). Together, they discuss what the first day, step, and dollar of implementing a controls framework look like for organizations stepping into their cybersecurity journey. Here are some highlights from our episode:

• 01:54. Building and improving a cybersecurity program through the power of consensus
• 04:55. The use of an assessment to determine where you are and where you're going
• 09:15. How cross-mapping to multiple frameworks simplifies regulatory compliance efforts
• 12:00. The use of governance to secure leadership buy-in for your cybersecurity program
• 13:33. Continuous auditing and monitoring as tools for adapting to change
• 15:10. How Controls prioritization flows through the Implementation Groups (IGs)
• 19:39. Leadership as the backbone for getting any business program off the ground
• 22:59. Calculating the cost of cyber defense as a preventative action
• 24:55. Tradeoffs with security tools to keep in mind so that you can budget efficiently
• 30:00. Qualifications when using security offerings of MSPs and CSPs

Resources

• CIS Community Defense Model 2.0
• How Risk Quantification Tests Your Reasonable Cyber Defense
• CIS Controls Self Assessment Tool (CIS CSAT)
• Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
• How to Plan a Cybersecurity Roadmap in 4 Steps
• The Cost of Cyber Defense: CIS Controls IG1

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].