State of California Data Security Breach Reporting
California Attorney General Confirms Center for Internet Security (CIS) Checklists as a Mandated Requirement
California Attorney General Kamala D. Harris recently released a Data Breach Report, delving into the 657 data breaches that have been reported to her office since 2012, the same year that the state of California began requiring businesses and government agencies alike to notify the office of breaches affecting more than 500 California residents.
What is the Center for Internet Security?
The Center for Internet Security is a non-profit organization whose goal is to promote cybersecurity readiness by identifying, developing, and validating best security practices. The CIS Controls are a list of the best protective controls to detect, prevent, respond to, and mitigate damage from cyber-attacks. These controls are continuously updated to stay ahead of the latest threats as well as rapidly advancing technologies.
Why Should Your Organization Implement the CIS Controls?
Gartner reports that 99.999% of breaches in 2015 exploited known configurable vulnerabilities. Implementing a secure configuration policy for all IT systems, so that known configuration vulnerabilities are eradicated, has to be the first step when securing the IT estate. As the Attorney General recommends, the set of 20 Controls comprises the priority actions that should be taken first and foremost in order to provide reasonable security within an organization.
These controls are scalable and are designed to apply to organizations of all sizes. Each CIS Benchmark provides specific guidance for establishing a secure configuration posture for your IT infrastructure, including a detailed description and rationale of potential vulnerabilities together with clear auditing and remediation steps.
While implementing these Controls may not prevent every cyber-attack, they will significantly reduce your organization's risk and the impact commonly associated with falling victim to a breach.
NNT and the Center for Internet Security
As one of a handful of CIS Certified Vendors, NNT has access to security configuration benchmarks, software, metrics, and discussion forums where NNT is an essential stakeholder in collaborating on security best practices. NNT has leveraged these best practices and resources in our products to measure and improve the security posture of our customers.
NNT provides a full range of CIS Benchmark reports that can be used to audit enterprise networks and then monitor continuously for any drift from your hardened build standard, to ensure systems stay within compliance 24/7.
Since 2014, NNT Change Tracker has been awarded the CIS Security Software Certification for CIS Security Benchmarks across all Linux and Windows platforms, UNIX and Database Systems, Applications and Web Servers.
Read the full California Data Breach Report here