The Center for Internet Security (CIS) 20 Security Controls (CIS Controls)

Today I read the CIS Controls (version 7.1).

Personally, I think it is very well done. Recommended reading for all professionals working in information security management.

What follows is a brief introduction and an explanation of why I recommend it.

The CIS Controls list 20 security controls, grouped into Basic (6 controls), Foundational (10 controls) and Organizational (4 controls). In addition, from another dimension, CIS gives implementation recommendations for organizations of all sizes (whose information security priorities differ): the Implementation Groups (IGs).

Based on the size of the organization, CIS divides the 20 security controls into three IGs (IG1 to IG3):

IG1. A family-owned business with ~10 employees may self-classify as IG1;

IG2. A regional organization providing a service may classify itself as IG2;

IG3. A large corporation with thousands of employees may be labeled IG3.

That is, a company with a staff of around 10 people can classify itself as IG1;

a regional unit that provides services to others can classify itself as IG2;

and large companies with thousands or tens of thousands of employees can label themselves IG3.

This approach is very practical.

(One could complain that this way of dividing things is too loose, but that does not affect its practical value.)

As a result, IG1 companies implement the IG1 controls, IG2 organizations implement the IG1 + IG2 controls, and IG3 companies implement the IG1 + IG2 + IG3 controls. Simple.


Reasons for recommending it:

Personally, I think the CIS Controls and their supporting documentation form a fairly complete, scientific methodology and a very useful guide.

Small businesses have no dedicated person in charge of security; the boss himself should oversee implementation. (If there is a CTO, it can be handed over to the CTO.)

Regional small and medium companies have one or two part-time security staff; the boss can have those two implement according to IG1 + IG2.

Large companies generally already have a relatively mature information security management system and a dedicated team in charge of security; they can refer to the principles and methodology of IG1 + IG2 + IG3. The specific implementation guidance cannot be copied wholesale either; it is fine to use it as a reference.


CIS URL: https://www.cisecurity.org/

Link to the article on the "Ivy Cloud Security Information" WeChat public account:
https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650826413&idx=1&sn=9aae31ad426a06131508f5f0535991b1&chksm=80db0508b7ac8c1ee70e5d4a1709862abb83b4caa2378dce08d95a49991baf1f66342f546ed4&mpshare=1&scene=1&srcid=&key=c8c9cb9453e09350750ccd07b34ea9fe41c3b0860a0f82add3c4370a3becfcfb29eecf93d0205d7d2c798a59ccdc46804706e7886a28a3a1f27aa28f6db3caa3995629119d827c08073db5aef3c7fe68&ascene=1&uin=NzExMDAyNDQw&devicetype=Windows+10&version=62060833&lang=zh_CN&pass_ticket=ofI9gu6jQysOFBWOl8lxRraxDOIXPYec8F5kg35DJnWUudbO%2BLTcWT696Vc9c3GC

Source: www.cnblogs.com/pback/p/10987759.html