Most organizations that handle consumer data or are vulnerable to cyberattacks are legally required to meet the appropriate security compliance standards. However, this does not apply to every single organization and IT department. In order to set a standard and provide a guide, the Center for Internet Security Critical Security Controls (henceforth referred to as the CIS Top 18) was published.
The CIS Top 18 is a list of 18 actions and practices that an organization’s security team can adopt so that cyberattacks, or threats, are minimized and prevented. No organization is legally bound to follow the CIS Top 18; however, the controls consist of fundamental steps that all security teams are highly encouraged to implement, in addition to or regardless of regulatory compliance.
The following are the actions, as presented by the Center for Internet Security: