Cygilant Blog

How Are You Implementing SANS/CIS Controls to Mitigate Risk of Data Breach?

Posted by Security Steve on Mar 2, 2016



Many regulations state that companies must take reasonable measures to protect sensitive data, for example, personal information such as Social Security numbers, medical information, and payment card data. But even with that mandate, information is still being stolen through data breaches. Last year in the state of California, 178 reported breaches put over 24 million records at risk, affecting nearly 60% of Californians.


So what exactly is a reasonable measure? There is no federal standard or law, and state laws vary widely, as do security standards and compliance mandates. Between malware, hacking, physical breaches, and errors, it’s difficult to remain secure. One of the ways that companies protect themselves against the risk of data breach is to implement security controls as part of a comprehensive program to improve security and compliance.


Recently, the California Attorney General’s office released its California Data Breach Report, which states that “The 20 controls in the Center for Internet Security’s Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.” (For a copy of these Critical Security Controls, register at:


So the question is, how are you implementing the Critical Security Controls to mitigate the risk of data breaches in your organization? EiQ can help. Our SOCVue® Security Monitoring service continuously assesses 9 of the Top 20 Critical Security Controls to proactively identify weak links and provide remediation guidance to improve security and compliance posture. We provide proactive and reactive security monitoring to help organizations implement appropriate security controls to protect against an ever-changing threat landscape while remaining compliant with government and industry regulations. By providing this proactive assessment, SOCVue analysts empower customer organizations to reduce their cyber risk.




Recently, EiQ announced that Massasoit Community College will use EiQ’s SOCVue Security Monitoring to monitor several SANS/CIS controls, including Control 2 (Inventory of Authorized and Unauthorized Software), Control 5 (Malware Defenses), Control 11 (Limitation and Control of Network Ports, Protocols, and Services), and Control 14 (Maintenance, Monitoring, and Analysis of Audit Logs). They chose EiQ because of the ease of implementation and management, and because EiQ made it possible for Massasoit to monitor multiple Critical Security Controls even with a small IT staff.


More and more, organizations that were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services, which combine the best people, process, and technology, are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!




Tags: SANS, Security Controls Monitoring, Data Breach, Cybersecurity, Risk Management
