Note: CVSS score 8.8 (for databases) and 9.8 (WebLogic servers).
What Software and Frameworks can be used for Control A 18.2.1 “Independent Review Of Information Security” (ISO 27001)? (PART 1)
Control A 18.2.1: This control is used for an independent review of the information security controls, policies, processes, etc. There are several frameworks and software that can be used to implement this control, some of which are:
PCI DSS (link:https://www.pcisecuritystandards.org/)
NIST SP 800-53 (link:https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final)
NIST Cybersecurity Framework (link:https://www.nist.gov/cyberframework)
ISO 27000 Series (link:https://www.iso.org/isoiec-27001-information-security.html)
NERC 1300 (link:https://www.nerc.com/search/Pages/results.aspx?k=1300)
ANSI/ISA 62443 (link:https://www.isa.org/technical-topics/cybersecurity/cybersecurity-resources)
In this blog, we will be talking about CIS:
CIS: The CIS Controls align with the NIST Cybersecurity Framework, which was designed to create a common language for managing risk within a company. In other words, it helps companies answer critical questions about their cybersecurity program, such as what inventory they need to protect and where the gaps in their security lie.
The CIS Controls are a prioritized set of actions that work together as a set of defensive practices against the most common attacks on most systems and networks. These controls were developed by IT experts who used their knowledge and experience to create the best global cybersecurity practices. Because cybersecurity is its job, CIS has access to advanced technology and an extraordinary array of security tools. To ensure the security of your network or system, they have access to all sorts of alert services, threat detection services, many security checklists, and more. With technology advancing every day, they have access to more digital forms of security checking than ever before. The need for these controls also came from the evolution of technology: the more advanced technology and its services become throughout the world, the more threats of different kinds arise, and the CIS Controls exist to ensure that your network stays secure and safe from these threats.
For more information, check out their site:
Other site(s) used for information:
Note: Part-1 Article by "Waqar Mehboob"