The significance of CIS Control mapping in the 2023 Verizon DBIR


Verizon’s recently released 2023 Data Breach Investigations Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report includes the mapping of CIS (Center for Internet Security) Controls to Verizon’s incident classifications.

CIS Controls mapping

The CIS Controls serve as a starting point for organizations to build their risk assessments and implement safeguards to protect against system intrusions, social engineering attacks, basic web application attacks, miscellaneous errors, and lost and stolen assets—categories that have proven to be critical factors in previous security incidents.

Let’s examine how businesses can leverage this integration to proactively mitigate risks and strengthen their security defenses.

The importance of mapping CIS Controls to Verizon’s incident classifications

The mapping of CIS Controls to Verizon’s incident classifications presents organizations with an opportunity to optimize their security resources by aligning them with real-world security incidents. Organizations should consider conducting a comprehensive audit and risk assessment of the CIS Controls outlined in Verizon’s DBIR.

Instead of solely focusing on meeting the fundamental CIS Controls, organizations can now dive deeper into the analysis of CIS Controls that directly address the areas identified as having the highest impact in the report. By doing so, organizations can enhance their security posture, allocate resources more effectively, and better protect themselves against the most critical threats and vulnerabilities highlighted in the DBIR.

Leveraging CIS Controls to enhance risk assessments and safeguard implementation

The CIS Controls provide guidance on a comprehensive set of security measures that organizations can implement to mitigate risks and protect against various threats and vulnerabilities. Using research evidence such as the DBIR to explain the “why” behind the priorities in the CIS Controls can help focus effort on the right actions to take.

These controls cover a wide range of critical areas, including data protection, secure…
