Rahul Khengare, profile picture
Uploaded byRahul Khengare
PDF, PPTX1,607 views

CIS Security Benchmark

Rahul Khengare gave a presentation on the CIS Security Benchmark to the DevOps-Pune Meetup Group. The agenda included an introduction to the CIS Benchmark, a discussion of the need for compliance, and a demonstration of automation tools. The CIS Benchmark provides consensus-based security configuration guides for technologies including cloud platforms, operating systems, containers, and SaaS products. It defines policies across categories such as identity and access management, logging, and networking. Open source tools like Prowler and Cloudneeti can be used to automate compliance checks against the CIS Benchmark.

Embed presentation

Download as PDF, PPTX
Rahul Khengare 2 3 r d F e b 2 0 1 9 D e v O p s - P u n e M e e t u p G r o u p CIS Security Benchmark
S r. DevO ps Lead • DevOps/DevSecOps/SRE • Blogger(https://oss-world.blogspot.com) • Open Source Software and CIS Contributor • Co-Organizer • DevOps-Pune • DevSecOps-Pune • Past Organization: Motifworks, NTT Data • https://www.linkedin.com/in/rahulkhengare About Me
• Compliance Need • What is CIS? • How to Achieve Compliance • Demo Agenda
Data Breac h es https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html Compliance Need
S u r vey O f S ec u rity Profession al Source: 2018 Cloud Security Report, Cybersecurity Insiders Compliance Need
Dimention s ProcessPeople Technology Compliance
Center for Intern et S ec u rity • For Technology • Consensus-based development process • Security configuration guide • Best Current Practice + Best Leading Practice • Automation support CIS Benchmark
Availab le Cloud • Azure, AWS, GCP Operating System • Linux, Windows, Mac OS Containers • Docker, Kubernetes Web Technology • Apache, Nginx SaaS Product • Microsoft Office 365 Other • Chrome, Internet Explorer, IBM • CISCO, many more CIS Benchmark
O ver view Benchmark Category1 Category NCategory3Category2 Policies PoliciesPoliciesPolicies CIS Benchmark
S amp le Categories • Identity & Access Management (IAM) • Logging • Monitoring • Networking • Other (VM, App Plans) CIS Benchmark
Polic y O ver view • Compliance Number • Policy Name • Profile Applicability(Level1, Level2) • Score • Description • Rationale • Audit Procedure • Remediation Procedure • Impact • Default Value • References CIS Benchmark
O p en S ou rc e Tool • Prowler • AWS-security-benchmark • CloudSploit • cs-suite CIS Automation
Demo Cloudneeti and Prowler
Prowler
• https://workbench.cisecurity.org • https://github.com/toniblyx/prowler • https://github.com/awslabs/aws-security-benchmark • https://github.com/cloudsploit/scans • https://github.com/SecurityFTW/cs-suite References
Any Questions?
Thank You.

More Related Content

PDF
PwC Point of View on Cybersecurity Management
byCA Technologies
 
PPTX
Cyber Security roadmap.pptx
bySandeepK707540
 
PDF
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
byTuan Phan
 
PDF
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
PPTX
Cybersecurity Assessment Framework - Slideshare.pptx
byAzra'ee Mamat
 
PDF
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
byWAJAHAT IQBAL
 
PDF
Patch and Vulnerability Management
byMarcelo Martins
 
PDF
A Case Study of the Capital One Data Breach
byAnchises Moraes
 
PwC Point of View on Cybersecurity Management
byCA Technologies
 
Cyber Security roadmap.pptx
bySandeepK707540
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
byTuan Phan
 
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
Cybersecurity Assessment Framework - Slideshare.pptx
byAzra'ee Mamat
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
byWAJAHAT IQBAL
 
Patch and Vulnerability Management
byMarcelo Martins
 
A Case Study of the Capital One Data Breach
byAnchises Moraes
 

What's hot

PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPT
Introduction To OWASP
byMarco Morana
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PPT
Secure code practices
byHina Rawal
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
PPTX
What is Penetration Testing?
bybtpsec
 
PPTX
Logging, monitoring and auditing
byPiyush Jain
 
PDF
Programme de cybersécurité : Implementer le framework NIST CSF en entreprise
byEyesOpen Association
 
PDF
IBM Security QFlow & Vflow
byCamilo Fandiño Gómez
 
PPTX
CIS bench marks for public clouds
byNagesh Ramamoorthy
 
PPTX
Zero trust Architecture
byAddWeb Solution Pvt. Ltd.
 
PDF
SIEM Architecture
byNishanth Kumar Pathi
 
PPTX
Cyber kill chain
byAnkita Ganguly
 
PPTX
Cyber Kill Chain.pptx
byVivek Chauhan
 
PPTX
SOAR and SIEM.pptx
byAjit Wadhawan
 
PDF
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
byEdureka!
 
PPTX
Secure coding practices
byMohammed Danish Amber
 
PDF
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
byParishSummer
 
PPTX
API Security Fundamentals
byJosé Haro Peralta
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Introduction To OWASP
byMarco Morana
 
Introduction to penetration testing
byNezar Alazzabi
 
Secure code practices
byHina Rawal
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
What is Penetration Testing?
bybtpsec
 
Logging, monitoring and auditing
byPiyush Jain
 
Programme de cybersécurité : Implementer le framework NIST CSF en entreprise
byEyesOpen Association
 
IBM Security QFlow & Vflow
byCamilo Fandiño Gómez
 
CIS bench marks for public clouds
byNagesh Ramamoorthy
 
Zero trust Architecture
byAddWeb Solution Pvt. Ltd.
 
SIEM Architecture
byNishanth Kumar Pathi
 
Cyber kill chain
byAnkita Ganguly
 
Cyber Kill Chain.pptx
byVivek Chauhan
 
SOAR and SIEM.pptx
byAjit Wadhawan
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
byEdureka!
 
Secure coding practices
byMohammed Danish Amber
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
byParishSummer
 
API Security Fundamentals
byJosé Haro Peralta
 

Similar to CIS Security Benchmark

PPTX
Cybersecurity by the numbers
byEoin Keary
 
PPTX
Security For Humans
byconjur_inc
 
PDF
Good-cyber-hygiene-at-scale-and-speed
byJames '​-- Mckinlay
 
PDF
cybersecurity-careers.pdf
byRakeshKumar442494
 
PPTX
So You Want a Job in Cybersecurity
by2nd Sight Lab
 
PPTX
Continuous Compliance 14.9.2016
byDigia Plc
 
PDF
Scot Secure 2019 Edinburgh (Day 2)
byRay Bugg
 
PDF
Cybersecurity domains-map-3.0
byOscar Ferreira
 
PDF
Cybersecurity Roadmap for Beginners
bySanjeev Kumar Jaiswal
 
PDF
General Data Protection Regulation and Compliance - GDPR: Sharique M Rizvi
bySharique Rizvi
 
PDF
Treating Security Like a Product
byVMware Tanzu
 
PPTX
Security for Humans
byDustin Collins
 
PDF
DevSecOps: Taking a DevOps Approach to Security
byAlert Logic
 
PPTX
Cyber Security and GDPR Made Easy
byChristoanSmit
 
PPTX
ISACA Ireland Keynote 2015
byShannon Lietz
 
PDF
The What, Why, and How of DevSecOps
byCprime
 
PDF
Web Security... Level Up
byIzzet Mustafaiev
 
PPTX
Building-a-Cybersecurity-Startup-Tools-Skills-and-Market-Needs.pptx
byhaaniaiman950
 
PDF
CYBER SECURITY CAREER GUIDE CHEAT SHEET
byTravarsaPrivateLimit
 
PDF
Servers compliance: audit, remediation, proof
byRUDDER
 
Cybersecurity by the numbers
byEoin Keary
 
Security For Humans
byconjur_inc
 
Good-cyber-hygiene-at-scale-and-speed
byJames '​-- Mckinlay
 
cybersecurity-careers.pdf
byRakeshKumar442494
 
So You Want a Job in Cybersecurity
by2nd Sight Lab
 
Continuous Compliance 14.9.2016
byDigia Plc
 
Scot Secure 2019 Edinburgh (Day 2)
byRay Bugg
 
Cybersecurity domains-map-3.0
byOscar Ferreira
 
Cybersecurity Roadmap for Beginners
bySanjeev Kumar Jaiswal
 
General Data Protection Regulation and Compliance - GDPR: Sharique M Rizvi
bySharique Rizvi
 
Treating Security Like a Product
byVMware Tanzu
 
Security for Humans
byDustin Collins
 
DevSecOps: Taking a DevOps Approach to Security
byAlert Logic
 
Cyber Security and GDPR Made Easy
byChristoanSmit
 
ISACA Ireland Keynote 2015
byShannon Lietz
 
The What, Why, and How of DevSecOps
byCprime
 
Web Security... Level Up
byIzzet Mustafaiev
 
Building-a-Cybersecurity-Startup-Tools-Skills-and-Market-Needs.pptx
byhaaniaiman950
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
byTravarsaPrivateLimit
 
Servers compliance: audit, remediation, proof
byRUDDER
 

More from Rahul Khengare

PDF
Container Security Using Microsoft Defender
byRahul Khengare
 
PDF
AzurePolicy DevOps Pune Feb23
byRahul Khengare
 
PPTX
You2.0
byRahul Khengare
 
PPTX
Introduction to micro-services @DevOps pune Meetup
byRahul Khengare
 
PPSX
DPI2012
byRahul Khengare
 
PPTX
Serf@devops pune
byRahul Khengare
 
Container Security Using Microsoft Defender
byRahul Khengare
 
AzurePolicy DevOps Pune Feb23
byRahul Khengare
 
You2.0
byRahul Khengare
 
Introduction to micro-services @DevOps pune Meetup
byRahul Khengare
 
DPI2012
byRahul Khengare
 
Serf@devops pune
byRahul Khengare
 

Recently uploaded

PDF
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
PDF
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
PDF
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
PDF
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PPTX
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
PDF
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
PPTX
Marketo API Deep Dive From Basics to AI-Ready Foundations - January 2026.pptx
bybbedford2
 
PDF
Accelerating Data Validation with QuerySurge AI
byRTTS
 
PDF
V3Cube Innovating Digital Business Solutions
byV3CUBE TECHNOLABS
 
PDF
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
PDF
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
PDF
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
PDF
Malware_Detection_A_Framework_for_Reverse_Engineered_Android_Applications_Thr...
byKiritiyadavGoskula
 
PDF
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
PDF
🤖🧰 SPRING AI AGENTIC PATTERNS (PART 1): AGENT SKILLS
byVincent Vauban
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
Marketo API Deep Dive From Basics to AI-Ready Foundations - January 2026.pptx
bybbedford2
 
Accelerating Data Validation with QuerySurge AI
byRTTS
 
V3Cube Innovating Digital Business Solutions
byV3CUBE TECHNOLABS
 
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
Malware_Detection_A_Framework_for_Reverse_Engineered_Android_Applications_Thr...
byKiritiyadavGoskula
 
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
🤖🧰 SPRING AI AGENTIC PATTERNS (PART 1): AGENT SKILLS
byVincent Vauban
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 

CIS Security Benchmark

  • 1.
    Rahul Khengare 2 3r d F e b 2 0 1 9 D e v O p s - P u n e M e e t u p G r o u p CIS Security Benchmark
  • 2.
    S r. DevOps Lead • DevOps/DevSecOps/SRE • Blogger(https://oss-world.blogspot.com) • Open Source Software and CIS Contributor • Co-Organizer • DevOps-Pune • DevSecOps-Pune • Past Organization: Motifworks, NTT Data • https://www.linkedin.com/in/rahulkhengare About Me
  • 3.
    • Compliance Need •What is CIS? • How to Achieve Compliance • Demo Agenda
  • 4.
    Data Breac hes https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html Compliance Need
  • 5.
    S u rvey O f S ec u rity Profession al Source: 2018 Cloud Security Report, Cybersecurity Insiders Compliance Need
  • 6.
  • 7.
    Center for Internet S ec u rity • For Technology • Consensus-based development process • Security configuration guide • Best Current Practice + Best Leading Practice • Automation support CIS Benchmark
  • 8.
    Availab le Cloud • Azure,AWS, GCP Operating System • Linux, Windows, Mac OS Containers • Docker, Kubernetes Web Technology • Apache, Nginx SaaS Product • Microsoft Office 365 Other • Chrome, Internet Explorer, IBM • CISCO, many more CIS Benchmark
  • 9.
    O ver view Benchmark Category1Category NCategory3Category2 Policies PoliciesPoliciesPolicies CIS Benchmark
  • 10.
    S amp leCategories • Identity & Access Management (IAM) • Logging • Monitoring • Networking • Other (VM, App Plans) CIS Benchmark
  • 11.
    Polic y Over view • Compliance Number • Policy Name • Profile Applicability(Level1, Level2) • Score • Description • Rationale • Audit Procedure • Remediation Procedure • Impact • Default Value • References CIS Benchmark
  • 12.
    O p enS ou rc e Tool • Prowler • AWS-security-benchmark • CloudSploit • cs-suite CIS Automation
  • 13.
  • 14.
  • 15.
    • https://workbench.cisecurity.org • https://github.com/toniblyx/prowler •https://github.com/awslabs/aws-security-benchmark • https://github.com/cloudsploit/scans • https://github.com/SecurityFTW/cs-suite References
  • 16.
  • 17.