Episode 156: How CIS Uses CIS Products and Services

In episode 156 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Stephanie Gass, Sr. Director of Information Security at Center for Internet Security® (CIS®), and Angelo Marcotullio, Chief Information Officer at CIS. Together, they explore how CIS practices what it preaches by using CIS products and services internally, which includes implementation of the CIS Critical Security Controls® (CIS Controls®) and CIS Benchmarks®, automation, and alignment to compliance frameworks. Their discussion highlights how CIS builds a strong cybersecurity foundation while adapting to evolving threats and regulatory requirements.The conversation dives into practical applications, cultural alignment, and the importance of repeatable processes for scaling security across new products and services. It also touches on the role of privacy regulations, cyber risk quantification, and the community-driven approach that underpins CIS best practices. Here are some highlights from our episode:01:12. Why CIS “drinks its own champagne” when it comes to cybersecurity02:56. Three ways the CIS Controls help modern enterprises defend against threat actors04:02. The importance of pulling together security lessons learned in a way that's translatable10:03. Our use of the CIS Controls to align to SOC 2, ISO 27001, and other frameworks12:01. How governance, risk, and compliance (GRC) engineering works with automation to help build repeatable processes22:43. The role of collaboration and communication in building a cybersecurity program27:17. Privacy regulations as a catalyst for security innovation30:24. The CIS Community Defense Model and evidence-based practices32:40. How CIS leverages lessons learned to improve our security best practicesResourcesEpisode 146: What Security Looks Like for a Security CompanyImplementation Guide for Small and Medium-Sized Enterprises CIS Controls IG1How to Construct a Sustainable GRC Program in 8 StepsMapping and Compliance with the CIS ControlsCIS Completes SOC 2 Type II Audit Using CIS Best PracticesEpisode 74: The Nexus of Cybersecurity & Privacy LegislationCIS Community Defense Model 2.0Episode 121: The Economics of Cybersecurity Decision-MakingEpisode 77: Data's Value to Decision-Making in CybersecurityCIS CommunitiesIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

There are no comments yet.

Please log in to write the first comment.