CIS Controls 1-18

Question 1

Control 1 Inventory and control of enterprise assets

Answer 1

Helps organizations actively track and manage all IT assets connected to a company’s IT infrastructure physically or virtually.

Question 2

2 Inventory and control of software assets

Answer 2

Provides recommendations for organizations to track and actively manage all software applications so that only authorized software is installed on company devices.

Question 3

Data Protection

Answer 3

Helps organizations develop ways to securely manage the entire life cycle of their data, from initial identification and classification data to its disposal.

Question 4

Secure configuration of enterprise assets and software

Answer 4

Helps organizations establish and maintain secure baseline configurations for their enterprise assets

Question 5

Account management

Answer 5

This control outlines best practices for companies to manage credentials and authorization for user accounts, privileged user accoutns, and service accounts for the company hardware and software applications

Question 6

Access control management

Answer 6

Specifies the type of access that the user account should have.

Question 7

Continuous vulnerability management

Answer 7

Helps identify and track vulnerabilities within its infrastructure so that it can remediate and eliminate weak points or windows of opportunity for bad actors.

Question 8

Audit log management

Answer 8

Establishes an enterprise log management process so that organizations can be altered and recover from an attack in real-time, or near real time, using log collection and analytic features.

Question 9

Email and Web browse protection

Answer 9

Provides recommendations on how to detect and protect against cybercrime attempted through email or the internet by directly engaging employees.

Question 10

Data recovery

Answer 10

Established data backup, testing, and restoration processes that allow organizations to effectively recover company assets to a pre-incident state

Question 11

Malware defenses

Answer 11

Assists companies in preventing the installation and propagation of malware onto company assets and its network

Question 12

Network infrastructure management

Answer 12

Established procedures and tools for managing and securing a company’s network infrastructure. Network infostructure included both physical and virtual devices, such as firewalls, gateways, routers, etc

Question 12

Network monitoring and defense

Answer 12

Establishes processes for monitoring and defending a company’s network infrastructure against internal and external security threats.

Question 13

Security Awareness and skill training

Answer 13

Guides organizations in establishing a security awareness and training program to reduce cybersecurity risk

Question 14

Service provider management

Answer 14

Helps organizations develop processes to evaluate third-party service providers that have access to sensitive data or that are responsible for managing some or all of a company’s IT functions.

Question 15

Application software security

Answer 15

Establishes safeguards that manage the entire life cycle of software that is acquired, hosted, or developed in-house to detect, deter, and resolve cybersecurity weaknesses before they are exploited

Question 16

Incident response management

Answer 16

Provides the recommendations necessary to establish an incident response management program to detect, respond, and prepare for potential cybersecurity attacks.

Question 17

Penetration testing

Answer 17

Helps organizations test the sophistication of their cybersecurity defense system in place by simulating actual attacks in an effort to not just find but exploit weaknesses.