The Center for Internet Security (CIS) released a new version of its critical security controls white paper. You can download it for free HERE. Topics include best practices for network access control, keeping an inventory of authorized and unauthorized software, system configuration, vulnerability assessments, administering role-based access controls, email and web best practices, breach detection and so on. This is a really good document for evaluating your current state of security, as well as for learning some methods to improve your security posture.
Here is a summary of the critical security controls document.
The Center for Internet Security (CIS) presents the CIS Critical Security Controls for Effective Cyber Defense Version 6.0, a recommended set of actions that provide specific and actionable ways to stop today’s most pervasive and dangerous cyber attacks.
The CIS Critical Security Controls (CIS Controls) are especially relevant because they are updated by cyber experts based on actual attack data pulled from a variety of public and private threat sources. Version 6 incorporates recommended changes from the cybersecurity community to reflect the latest technologies and threats. The new Controls include a new Control for “Email and Web Browser Protections,” a deleted Control on “Secure Network Engineering,” and a re-ordering to make “Controlled Use of Administration Privileges” higher in priority. This version also includes a new metrics companion guide.