Cygilant Blog

The Link Between Security Controls and Compliance

Posted by Kevin Landt on Jun 30, 2015

Compliance management has historically leaned on reactive security monitoring (SIEM and log management) to satisfy regulatory mandates. SIEM and log management are detective controls: they do not proactively identify weaknesses in your network defenses, they only notify you after an event has occurred. As a result, companies continue to suffer a growing number of breaches even though they were in compliance with the relevant regulations at the time of the breach.


Fortunately, implementing a core set of information security controls proactively strengthens your network security, and that same core set can be mapped across a wide range of compliance regulations. By focusing on these best practices, you improve security and compliance at the same time.


CIS / SANS Critical Security Controls Mapped to Compliance Frameworks


By implementing information security controls and assessing them on a continuous basis, it’s possible to get a clear picture of your compliance status. Instead of waiting for the annual audit and scrambling to address compliance gaps, a proactive approach focuses on incremental improvement year round.

There are two keys to a successful implementation:

  1. The controls need to be measurable – you should be able to see a pass/fail result for each control on each system, so that you can track your overall progress over time
  2. The assessment needs to be automated – there simply isn’t enough time to consistently assess your security and compliance status if it’s a manual process
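The following is an added example, not code from the original post or from Cygilant, of what the two keys above look like in practice: each control is a measurable check that returns pass or fail per system, the whole inventory is assessed in one automated run, and the same per-system results are rolled up by compliance framework (the idea of mapping one control set across several regulations). The host inventory, the control definitions, and the control-to-framework tags are all constructed for illustration; the framework tags are not an authoritative crosswalk.

```python
"""Minimal continuous-assessment scorecard (added example, constructed data).

A Control wraps a measurable check evaluated against the facts an automated
collector would report for each system. Results are kept per system and per
control so they can be summarised by control, by framework, or compared across
runs to spot regressions instead of waiting for the annual audit.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Control:
    id: str
    name: str
    check: Callable[[dict], bool]   # True when the system passes this control
    frameworks: List[str]           # illustrative mapping, not an official crosswalk


# Constructed inventory: one record per host, as a collector might report it.
INVENTORY = [
    {"host": "web-01", "unapproved_software": [], "critical_vulns_open_days": 3,
     "local_admins": ["itadmin"], "logging_forwarded": True},
    {"host": "db-01", "unapproved_software": ["bittorrent"], "critical_vulns_open_days": 45,
     "local_admins": ["itadmin", "jdoe"], "logging_forwarded": True},
    {"host": "hr-laptop-7", "unapproved_software": [], "critical_vulns_open_days": 40,
     "local_admins": ["itadmin"], "logging_forwarded": False},
]

APPROVED_ADMINS = {"itadmin"}   # assumed list of accounts allowed local admin rights

# Control ids/names loosely follow the CIS Critical Security Controls themes;
# the framework tags are illustrative assumptions.
CONTROLS = [
    Control("CSC-2", "Only authorized software installed",
            lambda s: not s["unapproved_software"], ["PCI DSS", "HIPAA"]),
    Control("CSC-4", "Critical vulnerabilities remediated within 30 days",
            lambda s: s["critical_vulns_open_days"] <= 30, ["PCI DSS", "HIPAA", "SOX"]),
    Control("CSC-5", "Local admin rights limited to approved accounts",
            lambda s: set(s["local_admins"]) <= APPROVED_ADMINS, ["PCI DSS", "SOX"]),
    Control("CSC-6", "Audit logs forwarded to central collection",
            lambda s: s["logging_forwarded"], ["PCI DSS", "HIPAA", "SOX"]),
]

Scorecard = Dict[str, Dict[str, bool]]   # host -> control id -> pass?


def assess(inventory: List[dict], controls: List[Control]) -> Scorecard:
    """Run every control against every system; the per-system pass/fail scorecard."""
    return {s["host"]: {c.id: bool(c.check(s)) for c in controls} for s in inventory}


def control_scores(results: Scorecard, controls: List[Control]) -> Dict[str, float]:
    """Percentage of systems passing each control (the trend line to track)."""
    n = len(results)
    return {c.id: round(100 * sum(r[c.id] for r in results.values()) / n, 1)
            for c in controls}


def framework_view(results: Scorecard, controls: List[Control]) -> Dict[str, List[Tuple[str, str]]]:
    """Re-slice the same results by framework: the (host, control) pairs failing under each."""
    view: Dict[str, List[Tuple[str, str]]] = {}
    for c in controls:
        for fw in c.frameworks:
            view.setdefault(fw, [])
            view[fw].extend((host, c.id) for host, r in results.items() if not r[c.id])
    return view


def framework_scores(results: Scorecard, controls: List[Control]) -> Dict[str, float]:
    """Percentage of (system, control) checks passing for each framework."""
    failures = framework_view(results, controls)
    controls_per_fw = {fw: sum(fw in c.frameworks for c in controls) for fw in failures}
    return {fw: round(100 * (1 - len(failures[fw]) / (controls_per_fw[fw] * len(results))), 1)
            for fw in failures}


def regressions(previous: Scorecard, current: Scorecard) -> List[Tuple[str, str]]:
    """Checks that passed last run and fail now: what a continuous process should alert on."""
    return [(host, cid) for host, r in current.items()
            for cid, ok in r.items() if not ok and previous.get(host, {}).get(cid, False)]


if __name__ == "__main__":
    results = assess(INVENTORY, CONTROLS)
    for host, r in results.items():
        print(host, {cid: "PASS" if ok else "FAIL" for cid, ok in r.items()})
    print("by control:", control_scores(results, CONTROLS))
    print("by framework:", framework_scores(results, CONTROLS))
    print("failing under PCI DSS:", framework_view(results, CONTROLS)["PCI DSS"])
```

Because every check is a function of collected facts, the whole scorecard can be regenerated on a schedule from fresh collector data, and `regressions` turns two consecutive runs into a short list of things that got worse, which is the incremental, year-round view the post argues for.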




Tags: Security Controls Monitoring, Compliance, SIEM, Log Management
