
Center for Internet Security Critical Security Controls v.6.0

Cavirin
Cybersecurity & Privacy - Cloud Security
Cybersecurity & Privacy - Database Security
Cybersecurity & Privacy - Network Security
Finance & Insurance
Healthcare & Hospitals
Discrete Manufacturing
Logistics & Transportation
Cybersecurity
Regulatory Compliance Monitoring
Remote Asset Management
Cloud Planning, Design & Implementation Services
Cybersecurity Services
Data Science Services
The article discusses the challenges organizations face as cyber threats increase. These include the difficulty of assessing and documenting cyber risk, the rapid pace of technology change, which increases dependency on third parties, and the inability of IT to trace or control data exfiltration. The role of government and information custody is often misunderstood, and findings in audit reports can become barriers to business. In today’s cloud economy, customer due diligence has become a mandate. The article also highlights the importance of complying with the Center for Internet Security’s Critical Security Controls (CIS CSC v6.0), which are updated by cyber experts based on actual attack data from various public and private threat sources.
The customer in this case study is not explicitly named. However, the article implies that the customers are organizations facing challenges from increasing cyber threats. These organizations could be from various industries, including but not limited to finance, insurance, healthcare, and hospitals. They are likely to be large organizations with a significant dependency on technology and third parties. They struggle with assessing and documenting cyber risk, controlling data exfiltration, and understanding the role of government and information custody. They also face challenges with external controls assessment and often fail because of improper security settings, incorrect configurations, low levels of encryption, or poor policies and procedures.
The solution proposed in the article is Cavirin’s Automated Risk Analysis Platform (ARAP™). This platform assists Chief Risk & Security leadership, as well as IT and DevOps leadership, in gathering the configuration data used to address their top security and compliance challenges. These challenges include settings that indicate missing patches for operating systems and applications, monitoring and detecting sensitive data loss (data exfiltration), locating policies that enable weak passwords, lack of the logs and audit trails necessary to conduct forensics, security validation for new systems, missing or outdated anti-malware technology, settings that enable encryption of sensitive information in transit, and the information necessary to remediate deficiencies that would otherwise be impossible to manage due to the lack of trained staff maintaining security controls. The platform is cloud native, supports 12-factor patterns, works with private, hybrid, and public clouds, and supports AWS, Azure, and GCP (Google Cloud Platform).
Continuous testing over controls could prevent costs in business disruption, time-consuming client discussion, or lost business opportunities.
Reviewing and responding to recommended fix actions allows timely remediation of the problems found.
Rapid completion of unnecessarily disruptive SOC 2 audit events.