Cybersecurity Program

Site2 has partnered with the Center for Internet Security (CIS) to deliver Cyber Best Practices.

The CIS Best Practices outline a comprehensive set of cybersecurity tools and controls developed by IT and security experts to address the most common cyber threats and vulnerabilities.

CIS Critical Security Controls (CSC 20)

Site2 will guide your organization through a series of 20 foundational and advanced cybersecurity controls, resulting in the elimination of the most common cyber attacks.

new-top-20-graphic-opt1.jpg

The CSC 20 help clients ensure compliance with industry and federal regulations including FINRA, HIPAA and NIST standards.  The first five controls provide a foundation for the next 15 advanced controls:

CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges

Post implementation, we provide ongoing monitoring and management of the Controls to help ensure continued compliance,  and success.

CIS Benchmarks

Out of the box, most operating systems are designed for ease of use and convenience — not security.  CIS’s global community of cybersecurity experts have developed over 100 configuration guidelines (benchmarks) designed to safeguard computer systems.  Benchmarks have been developed for all of the major system platforms including:

  • Microsoft Windows Operating Systems, SQL Server, Exchange, IIS, SharePoint
  • Debian, Ubuntu, CentOS, Amazon, RedHat Suse Linux
  • Apache Tomcat and HTTP server
  • VMware
  • Apple OS
  • Oracle Database and Solaris
  • many more…

Site2 helps organizations implement and maintain compliance with the CIS Benchmarks.

MS-ISAC Advisories

Advisories issued by the Multi-state Information Sharing and Advisory Center (MS-ISAC) provide Site2 with access to the latest threats and vulnerabilities.  This helps us to operate in a constant stream of new information: software updates, patches, security advisories, threat bulletins, etc. Understanding and managing vulnerabilities has become a continuous activity, requiring significant time, attention, and resources.

Site2 has incorporated these and other industry best practices to deliver an end-to-end Cybersecurity Program for our clients.  Contact us to learn how we can assess and reduce your organization’s cybersecurity risk.