What is your Security Score?
Cybersecurity is one of the top challenges facing every company. Fortunately,
companies do not have to create their own security program and instead can use a
security framework to jump-start the process. A framework documents security
standards (benchmarks) and processes that help companies define policies and
procedures to implement and manage information security controls.
For more information please visit
https://www.ciotalknetwork.com/what-is-your-security-score/
The challenge for companies is that there are many security frameworks and the myriad
of available technology causes confusion that leads to inaction. The Center for Internet
Security, Inc. (CIS®) describes the current situation: “But all of this technology,
information, and oversight has become a veritable ‘Fog of More’ — competing options,
priorities, opinions, and claims that can paralyze or distract an enterprise from vital
action.”
What are CIS Benchmarks?
CIS Controls® and CIS Benchmarks are tools for companies to assess their security
posture. CIS® “is a forward-thinking, non-profit entity that harnesses the power of a
global IT community to safeguard private and public organizations against cyber
threats.” They created a global security standard and best practices to secure systems
and information against “the most pervasive attacks”.
CIS® defines a prioritized list of 20 best practices (i.e., security controls) that help
organizations improve cyber defenses. Further, they group them into three
implementation groups that are relevant for small, medium and large companies. This
flexibility is necessary because small and medium companies cannot necessarily afford
the costs to implement all possible security controls at the highest level of maturity and
automation.
At Encore Electric, Inc., we used the free CIS Controls® Self-Assessment Tool (CSAT)
to benchmark our current security posture. We settled on this tool for a couple of
reasons. First, we wanted to benchmark our security posture with a numeric score that
is simple to understand and communicate to colleagues who have limited knowledge
and experience with information security. Second, we wanted a way to demonstrate our
level of compliance with particular security frameworks. The CSAT cross-references to
other security frameworks such as PCI DSS and NIST 800.
For each of the CIS controls, the CSAT measures the maturity against 4 levels: policy
defined, control implemented, control reported and control automated. Each level of
maturity adds points to an overall score for the CIS benchmarks. The total score ranges
from 0 to 100. The tool maps your responses across the 20 controls, compares with
averages and industry-specific data, and offers simple reports to communicate the
status and results.
Now that we have completed the benchmark, we can make decisions on improving our
security posture. We appreciate that CIS® offers consensus-based benchmarks and
controls and objective global standards to better protect our information assets.