The Center for Internet Security Controls or CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of Cybersecurity controls.

The 153 Safeguards, which are found in the 18 controls, are a foundation to protecting your technology and data. They are not rocket science and the majority you can start to implement today.

Follow along as I outline and simplify the safeguards as we work together and SecureIT.

We've looked at Safeguards 1.1 and 1.2 on establishing a detailed asset inventory and how to address unauthorized assets. Both 1.1 and 1.2 are required for every Implementation Group.

Safeguard 1.3 is only required for IG2 and IG3, which is utilizing an Active Discovery Tool. This is a tool that can identify assets connected to the network. The tool must be configured to execute at least daily, or more frequently.

This is the requirement for a script, application, or other tool that will automatically scan and identify assets connected to the network. Tools that I mentioned previously like Liongard, or your Remote Monitoring Management tool likely have a probe or inspector that will automatically scan the network for new assets.

Other tools like ManageEngine OpManager, Atera, Paessler AG's PRTG, Netwrix Corporation Auditor, and Kaseya's RapidFire Tools Network Detective Pro are some other tools that have features that can help you check off this safeguard checkmark.

Even if you're not looking at meeting IG2 or IG3 standards, this is a best practice and a tool you should have.

The reason you need to have an active discovery tool is how easy it is to get someone to plug in an unknown asset. It could be someone plugging in a home picture frame (IoT device), Raspberry Pi, or a personal computer. Those are all innocent behaviors that the employee just didn't understand the risk.

It's the open network ports, ports behind televisions, the open WiFi, posted WiFi password on the wall, or even the ex-employee who remembers the password. It's the nefarious actor who delivers Pizza to get by reception only to plug in a device that he will wirelessly access from outside.

Without an active discovery tool running you'll never know. When you don't have the tools to scan for it, you can't protect the data or your network.

Also scan more often than once a day, I can connect a computer, run scripts, explore the network and be out in under an hour. If you only scan once a day, you may never know I just downloaded all of your client data.

Need help getting started with your Policy?  Download a Asset Management Template here!

Join the conversation on LinkedIn - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-safeguards-secureit-activity-7067884632142139392-DJTn?utm_source=share&utm_medium=member_desktop