10-Day CIS Security Controls Assessment

The CIS Controls are a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities that may affect your services offered on Azure Platforms.

• Kick-off meeting via video/tele conference,
• Remote session to fill the questionnaire,
• Remote interview with the security, system, network and software department’s leads,
• Reporting of findings with maturity score and tips for improvement ,
• Report presentation via video/tele conference after submission of the report.
• Estimated duration: 10-12 man/days

How Do We Perform We interview with technical staff and ask detailed questions about CIS Controls in order to be able to measure the implementation status of control substances, including current controls, processes, and other requirements while performing the assessment. It is an Q&A study performed with the technical staff. The following steps are applied to perform the assessment: • Relevant documents are collected and reviewed; list of controls, policies, plans, standards, procedural guidelines, drawings, etc.). • Interviews are conducted to determine conformance with the standards. Each control is measured against defined measurement criterias. • The report with the results of the assessment is prepared.

The Outputs • Executive summary is prepared including an overall evaluation of the assessment. • Suggestions are presented with evaluation results. • Compliance charts provided to make a visual appearance in line with the evaluations. • Each control item is included in the report as finding and suggestions are provided on how the finding should be treated.