SOC Experts
Cybersecurity Career Launcher
Assignment #8 CIS Critical Control
| Sl No | Control | Purpose | Technologies | Products |
|---|---|---|---|---|
| 1 | Inventory and Control of Enterprise Assets | Organizations must actively manage all the hardware devices on the network, so that only authorized devices are given access and unauthorized devices can be quickly identified and disconnected before they inflict any harm. | Asset Management Tool | HP Asset Manager |
| 2 | Inventory and Control of Software Assets | Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. | Asset Management software | Automate Inventory Management |
| 3 | Data Protection | Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data. | Data Encryption | AxCrypt Premium |
| 4 | Secure software | Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software (operating systems and applications). | Firewall | Check Point |
| 5 | Account Management | Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software. | Active Directory | Windows AD, Azure AD |
| 6 | Access Control Management | Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software. | Domain controller | Fintech Data Privacy Vault |
| 7 | Continuous Vulnerability Management | Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise's infrastructure, in order to remediate, and minimize, the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information. | Vulnerability Assessment solution | Qualys |
| 8 | Audit Log Management | Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack. | Windows event log | Palo Alto EDR |
| 9 | Email and Web Browser Protections | Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement. | Email Security | Proofpoint |
| 10 | Malware Defenses | Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets. | EDR | FireEye HX |
| 11 | Data Recovery | Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state. | Data Redundancy | AWS cloud |
| 12 | Network Infrastructure Management | Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points. | Cloud Resource Management | Sumo Logic |
| 13 | Network Monitoring and Defense | Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise's network infrastructure and user base. | Network and System Management | SolarWinds |
| 14 | Security Awareness and Skills Training | Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise. | Phishing Risk Test | Hoxhunt |
| 15 | Service Provider Management | Develop a process to evaluate service providers who hold sensitive data, or are responsible for an enterprise's critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately. | Jira Service Management | ITSM |
| 16 | Application Software Security | Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise. | Software Composition Analysis | Veracode |
| 17 | Incident Response Management | Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack. | SIEM | Splunk |
| 18 | Penetration Testing | Test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls (people, processes, and technology), and simulating the objectives and actions of an attacker. | VAPT | Cuckoo Sandbox, Metasploit |