Cybersecurity Risk Assessment Common Findings: Access Control Management

October 14, 2022 Mike Smith

What are the most common findings of a Cybersecurity Risk Assessment, in terms of CIS Control 6: Access Control Management?

In the video below, Mike explains the two most common findings, according to his conversations with cybersecurity engineers who perform risk assessments for businesses.


About Mike

Mike Smith AeroCom

Mike Smith has been helping companies select the best telecom, WAN, security, and cloud services since 1999. He founded AeroCom in 2003, and has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the top 40 business people in tech-heavy Orange County, CA. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.

Transcript

Your company is looking into cybersecurity and you’re looking into maybe getting a risk assessment done, like a cybersecurity risk assessment, a formal assessment. But before you go down that road, you’re kind of starting to think, okay, well, before I have a professional come in and pick apart our network and everything, what do I need to kind of clean up? Things that might be easy for me to do, so I don’t look so bad, like I’m just a total rookie.

So it’s definitely one of those things where I know everybody has that feeling a little bit. “Hey, before I pay a professional, I want to make sure I’m not paying them to tell me stuff I already know and I already know I need to handle.” So I wanted to make a video series on this, for the most common findings from a formal cybersecurity risk assessment. So this is the sixth installment, and feel free to watch the other videos as well.

But today’s video is going to be on CIS control number six.

Which Cybersecurity Risk Assessment Vendors Should We Quote?

But before I get ahead of myself, just a quick plug. If you’d like my recommendations on the best vendors to quote for a formal cybersecurity risk assessment for your organization, don’t Google it, don’t start searching the internet for it. Instead, contact me via email or by phone (714.593.0011). I’ve been doing this for 20 years. I’m a broker for all the major companies out there, and within a few questions I can tell you which vendors you should be quoting and why. So more on that at the end of the video, but I just wanted to throw that out there.

Background

So CIS control number six, access control management. What are the most common findings within that control of the CIS framework? So if you hire… What I did for this is I actually spoke to risk assessment folks, the vendors we work with on a regular basis who go in and do these formal assessments. I sat down with one of their cybersecurity engineers and I asked them to go through each control of the CIS framework and tell me what the most common findings are that they see within each control.

So then from there, I’m taking that information, I’m making this video series.

Cybersecurity Risk Assessment Common Findings - Access Control Management

SSO

So within CIS control number six, the first thing that the cybersecurity engineers said they see is simple. It’s SSO, single sign-on. A lot of companies don’t have single sign-on set up, or they only have it set up partially. So that’s a real simple one for everyone to tackle.

Old Logins

Also, the second thing that they said is the most common finding is old passwords and usernames that are sitting out there that have not been disabled or decommissioned.

So we all know employees come and go, and when they do, you’ll want to make sure you’re going through all of your checkboxes, that you’re disabling all of their accounts on everything. So obviously, old accounts that haven’t been touched in a while are prime for picking when it comes to threat actors and hackers trying to get into this software. So just going through and disabling those accounts, that’s another common finding that they see within CIS control number six.

What’s the first step?

So those are just two quick tips. I hope it was helpful. If so, don’t forget to like and subscribe to the channel. That would be a big favor to me. If you’d like my recommendation on the best vendors to quote for a formal cybersecurity risk assessment, reach out. Send me an email, give me a call (714.593.0011). I’m happy to help. I’ve been doing this for 20 years. I can help you get to the right companies quick. The nice thing is the actual risk assessment vendors pay me my broker fee, so you don’t have to pay me anything. So there’s no excuse not to at least reach out to me and see what I have to say and see which vendors I recommend. So I hope you like the video. If so, again, don’t forget to like and subscribe, and I will catch you on the next one.
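Both findings from the transcript (applications not behind SSO, and stale or leaver accounts that were never disabled) can be checked before an assessor arrives by auditing an export of accounts from each application or identity provider. The script below is an added example, not code from the video or from AeroCom; the CSV layout, the field names (app, username, enabled, auth_method, last_login, hr_status), the 90-day staleness threshold and the sample rows are all constructed for illustration and will need to be mapped onto whatever your own directory or IdP actually exports.

```python
"""Audit an account export for the two CIS Control 6 findings discussed above:
(1) accounts that still authenticate with a local password instead of SSO, and
(2) enabled accounts that belong to leavers, have gone dormant, or were never used.

Added example. The export format, column names and sample rows are constructed;
adapt parse_export() to the real export from your IdP or application.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export: one row per (application, account).
SAMPLE_EXPORT = """\
app,username,enabled,auth_method,last_login,hr_status
payroll,alice,true,sso,2022-10-10T09:14:00Z,active
payroll,bob,true,local_password,2022-04-02T16:40:00Z,terminated
payroll,svc-backup,true,local_password,2021-12-01T02:00:00Z,service
crm,alice,true,sso,2022-10-12T11:03:00Z,active
crm,carol,true,sso,2022-05-30T08:21:00Z,active
crm,dave,false,sso,2022-01-15T10:00:00Z,terminated
vpn,erin,true,local_password,,active
"""

# Assumed policy values: report date fixed so results are reproducible,
# and an account is "stale" after 90 days without a login.
REPORT_TIME = datetime(2022, 10, 14, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)


def parse_export(text):
    """Parse the CSV export into dicts with typed 'enabled' and 'last_login'."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["enabled"] = row["enabled"].strip().lower() == "true"
        ts = row["last_login"].strip()
        # Empty last_login means the account has never been used.
        row["last_login"] = (
            datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None
        )
    return rows


def audit(rows, now=REPORT_TIME, stale_after=STALE_AFTER):
    """Return (app, username, finding) tuples for every enabled account
    that is not behind SSO, belongs to a leaver, is dormant, or never logged in."""
    findings = []
    for r in rows:
        if not r["enabled"]:
            continue  # already disabled: nothing to report
        if r["auth_method"] != "sso":
            findings.append((r["app"], r["username"], "not_behind_sso"))
        if r["hr_status"] == "terminated":
            # Leaver still enabled: the offboarding checklist missed this app.
            findings.append((r["app"], r["username"], "leaver_still_enabled"))
        elif r["last_login"] is None:
            findings.append((r["app"], r["username"], "never_logged_in"))
        elif now - r["last_login"] > stale_after:
            findings.append((r["app"], r["username"], "stale_account"))
    return findings


def sso_coverage(rows):
    """Per application, how many accounts use SSO out of the total.
    Anything short of total/total is the 'partial SSO' finding."""
    coverage = {}
    for r in rows:
        sso, total = coverage.get(r["app"], (0, 0))
        coverage[r["app"]] = (sso + (r["auth_method"] == "sso"), total + 1)
    return coverage


if __name__ == "__main__":
    accounts = parse_export(SAMPLE_EXPORT)
    for app, (sso, total) in sorted(sso_coverage(accounts).items()):
        print(f"{app}: {sso}/{total} accounts behind SSO")
    for app, user, finding in audit(accounts):
        print(f"FINDING {finding:22} {app}/{user}")
```

Run against a real export, the `sso_coverage` table shows which applications still carry local passwords (the "partially set up" SSO finding), and every `leaver_still_enabled` or `stale_account` line is an account to disable before the assessor finds it. Service accounts such as `svc-backup` in the sample will show up as stale if they never interactively log in; decide deliberately whether to exempt them or rotate them rather than silently filtering them out.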
