DeepAI AI Chat
Log In Sign Up

A Critical View on CIS Controls

by   Stjepan Groš, et al.

CIS Controls is a set of 20 controls and 171 sub-controls that were created with an idea of having a list of something to implement so that organizations can increase their security. While good in theory, it is a big question of how viable this approach is in practice, and does it really help. There is only a minor number of critical views of CIS Controls and since CIS Controls are marketed by two very influential organizations they are very popular. Yet, there are alternatives published by ISO, NIST and even PCI consortium. In this paper we critically assess CIS Controls, assumptions on which they are based as well as validity of approach and claims made in its favor. The conclusion is that scientific community should be more active regarding this topic, but also that more material is necessary. This is something that CIS and SANS should support if they want to make CIS Controls viable alternative to other approaches.


page 1

page 2

page 3

page 4


An investigation of security controls and MITRE ATT&CK techniques

Attackers utilize a plethora of adversarial techniques in cyberattacks t...

Semantic Characteristics of Schizophrenic Speech

Natural language processing tools are used to automatically detect distu...

Assessing Omitted Variable Bias when the Controls are Endogenous

Omitted variables are one of the most important threats to the identific...

Program Controls Effectiveness Measurement Framework Metrics

Any program that is designed to accomplish certain objectives, needs to ...

Conceptualizing experimental controls using the potential outcomes framework

The goal of a well-controlled study is to remove unwanted variation when...

COMMAND: Certifiable Open Measurable Mandates

Security mandates today are often in the form of checklists and are gene...

Effects of High Iodine Containing Low Osmolar Contrast Agent (Visipaque) on Thyroid Function Tests

Objective: Investigating high iodine containing low osmolar contrast age...