NNT: Cybersecurity Lesson from the Death Star: CIS Control 5 Explained in 30
CIS Control 5 should be called the ‘Remember-what-happened-to-the-Death-Star’ security control because it’s all about hardening systems against cyber-attacks through secure configuration settings. And just in case you don’t remember what happened to the Star Wars® Death Star, it was designed to be impregnable, seemingly impossible to attack. But it still needed an engine, which in turn needed an exhaust port, which ultimately left it prone to a fatal strike. Therefore, in any scenario, be it for IT systems or planet-busting, intergalactic weapons of mass destruction, reducing the ‘attack surface’ is a critical security control.
Research suggests that the gap between digital security teams and IT operations is growing. The genesis of this problem appears to be the inability of IT operations to reliably assess or control the state and condition of assets in line with the priorities and business objectives set out by the security team, and vice versa. The result is an increase in vulnerabilities, leading to an increased risk of breaches along with an inability to make good decisions about investments in security controls and operational infrastructure.
Hear from Tony Sager, Senior Vice President and Chief Evangelist of the Center for Internet Security, and Mark Kedgley, CTO of New Net Technologies, as they discuss Critical Control #5 and explore an effective SecureOps strategy with the ultimate goal of aligning IT operations with effective security controls that increase service availability while mitigating security risk at the same time.