Tag Archive for: CIS®

Yugabyte announces CIS benchmark for YugabyteDB to elevate data security standards


Member Article

First Distributed SQL Database Vendor to Complete the Benchmark

Yugabyte, the distributed PostgreSQL database company for cloud native applications, today announced that the Center for Internet Security (CIS) has published a security benchmark for the YugabyteDB database in collaboration with the Yugabyte security team. The new YugabyteDB CIS Benchmark introduces users of the open source database to security configuration and operational best practices to better protect their business-critical data, reduce the probability of data compromise, and enhance their cybersecurity posture. 

CIS benchmarks provide globally recognized best practices to guide security practitioners in effectively configuring, implementing and managing their cybersecurity defenses. Publishing the CIS Benchmark for YugabyteDB underscores Yugabyte’s commitment to enabling our customers to define, implement, and follow a comprehensive security program using their high-performance distributed PostgreSQL database solution. 

“As the digital landscape evolves, ensuring the utmost security and performance of your database is crucial,” said Maurice Olsen, Sr. Director, Information Security and Compliance at Yugabyte. “The CIS Benchmark for YugabyteDB showcases our commitment to meeting stringent industry security standards, as we provide our customers with a secure, highly performant, and resilient database, capable of safely managing a large volume of critical data.” 

CIS Benchmarks™ are consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. The CIS Benchmarks include more than 100 configuration guidelines across 25+ vendor product families. Benchmarks are created through a unique consensus-development process in which subject matter experts, security professionals, and technologists from around the world contribute, so that organizations can protect their systems against threats with greater confidence. 

The CIS Benchmark for YugabyteDB was a collaborative effort between Yugabyte and the…


The significance of CIS Control mapping in the 2023 Verizon DBIR


Verizon’s recently released 2023 Data Breach Investigations Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report includes a mapping of CIS (Center for Internet Security) Controls to Verizon’s incident classifications.

CIS Controls mapping

The CIS Controls serve as a starting point for organizations to build their risk assessments and implement safeguards to protect against system intrusions, social engineering attacks, basic web application attacks, miscellaneous errors, and lost and stolen assets—categories that have proven to be critical factors in previous security incidents.

Let’s examine how businesses can leverage this integration to proactively mitigate risks and strengthen their security defenses.

The importance of mapping CIS Controls to Verizon’s incident classifications

The mapping of CIS Controls to Verizon’s incident classifications presents organizations with an opportunity to optimize their security resources by aligning them with real-world security incidents. Organizations should consider conducting a comprehensive audit and risk assessment of the CIS Controls outlined in the DBIR by Verizon.

Instead of solely focusing on meeting the fundamental CIS Controls, organizations can now dive deeper into the analysis of CIS Controls that directly address the areas identified as having the highest impact in the report. By doing so, organizations can enhance their security posture, allocate resources more effectively, and better protect themselves against the most critical threats and vulnerabilities highlighted in the DBIR.

Leveraging CIS Controls to enhance risk assessments and safeguard implementation

The CIS Controls provide guidance on a comprehensive set of security measures that organizations can implement to mitigate risks and protect against various threats and vulnerabilities. Using evidence such as the DBIR research to explain the “why” behind CIS Control priorities helps organizations focus on the right actions to take.

These controls cover a wide range of critical areas, including data protection, secure…


CIS, Google Partner to Help Secure Public Sector


The Center for Internet Security and Google are partnering to create the CIS & Google Cloud Alliance to help advance security and resilience for the broader technology ecosystem, with an emphasis on the public sector.

According to the organizations, the alliance will combine the companies’ experience to offer greater security to public sector entities. The Center for Internet Security (CIS) brings 20 years of helping U.S. state, local, tribal and territorial governments secure their infrastructure against cyber threats, and Google brings its experts and services from its Cybersecurity Action Team. In addition, Google brings insights from its Threat Horizons reports and resources from cyber forensics subsidiary Mandiant.

CIS also brings its established and globally recognized security frameworks, including the CIS Critical Security Controls and CIS Benchmarks, and operates the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC and EI-ISAC), which support the security needs of state, local, tribal and territorial governments.

As part of Google’s recent strategy around cybersecurity, Google Cloud is now partnering with industry organizations in other sectors like healthcare and financial services. The company also introduced its Google Public Sector division focused on helping U.S. public sector institutions – including federal, state, and local governments, and educational institutions – accelerate their digital transformations.

According to the announcement, the organizations say this makes them “uniquely positioned to support organizations through the complexities of their digital transformations.”

In a statement, Gina Chapman, executive vice president of sales and business services at CIS, says the partnership combines two cybersecurity powerhouses and applies them to the underserved community of public sector organizations.

“The cybersecurity needs of the public sector demand best-in-class, cost-effective solutions that include implementation and operational support, and we look forward to how we can work together to support this community,” Chapman says.

MK Palmore, director of the Office of the CISO at…


Aqua Security Collaborates with CIS to Create the First


BOSTON, June 22, 2022 (GLOBE NEWSWIRE) — Aqua Security, the leading pure-play cloud native security provider, and the Center for Internet Security (CIS), an independent, nonprofit organization with a mission to create confidence in the connected world, today released the industry’s first formal guidelines for software supply chain security. Developed through collaboration between the two organizations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of commonly used technologies and platforms. In addition, Aqua Security unveiled a new open source tool, Chain-Bench, which is the first and only tool for auditing the software supply chain to ensure compliance with the new CIS guidelines.

Establishing Best Practices for Software Supply Chain Security

Although threats to the software supply chain continue to increase, studies show that security across development environments remains low. The new guidelines establish general best practices that support key emerging standards like Supply Chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF) while adding foundational recommendations for setting and auditing configurations on the Benchmark-supported platforms.

Within the guide, recommendations span five categories of the software supply chain: Source Code, Build Pipelines, Dependencies, Artifacts, and Deployment.

CIS intends to expand this guidance into more specific CIS Benchmarks to create consistent security recommendations across platforms. As with all CIS guidance, the guide will be published and reviewed globally. Feedback will help ensure that future platform-specific guidance is accurate and relevant.

“By publishing the CIS Software Supply Chain Security Guide, CIS and Aqua Security hope to build a vibrant community interested in developing the platform-specific Benchmark guidance to come,” said Phil White, Benchmarks Development Team Manager for CIS. “Any subject matter experts that develop or work with the technologies and platforms that make up the software supply chain are encouraged to join the effort…
