DOCTRINES OF EFFECTIVE CYBER DEFENCE
As we already discussed, there are five tenets to a reliable Cybersecurity program:
Offence informs defence: Build more effective security measures learning from past attacks and threats. Only controls proven to be effective should be considered.
Prioritization: Prioritize the
controls that have been effective in the real-world against threats. The ease of implementation should also be a consideration.
Measurements and metrics:
Measurements and metrics are essential to assess the effectiveness of your security measures. They also enable all stakeholders in your security team to speak the same language.
Continuous diagnostics and mitigation: Test and assess your security protocols regularly to help implement the next steps.
Automation: Automate your cybersecurity activities to ensure compliance and gain a reliable and scalable cyber defence.
The CIS Controls best practices help enterprises to counter and prevent cyber attacks and threats. The controls are divided into three categories- basic, foundational, and organizational controls.
THE IMPLEMENTATION GROUPS
Organisations will have the means, budget or requirement recommend.
To combat this, all of the Safeguards underneath each Control are categorized into Implementation Groups.
Each Implementation Group builds on the one before it, so IG2 includes all the Safeguards from IG1 and IG3 includes all the Safeguards from both IG1 and IG2.
A good goal for an organization or business of any size is to start with implementing everything that as a part of Implementation Group 1 (IG1).
Once they have implemented all IG1 Safeguards Depending on requirements and budget, they can then start to implement Safeguards from Implementation Group 2 (IG2).
Finally, again depending on requirements and budget, they can then start to implement Safeguards from Implementation Group 3 (IG3).
 Introduction | Threats | NIST Security | Framework | CIS Controls | NSA Risk Levels | The Controls | How We Can Help