K12 Tech Talk

Episode 132 - Beginner’s Guide to Implementing CIS Controls

Aug 25, 2023

The podcast episode delves into the implementation of CIS Controls, specifically focusing on IG1. The hosts discuss the benefits of the CIS Controls framework and how to rate your security using the CIS Workbook. They also explore various security controls that need to be implemented, including audit logs and MFA. The episode touches on the experience of attending a conference and utilizing the IG1 workbook. The hosts introduce a new sponsor, Jupiter, and discuss emergency preparedness in schools.

59:59

Creator website

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Conducting a cybersecurity tabletop exercise with administrative staff helps educate them about potential risks and facilitates conversations about response plans and backup systems.

Establishing and maintaining a detailed inventory of enterprise assets enables informed decision-making, effective network management, and anticipation of potential risks.

Implementing multi-factor authentication (MFA) for externally exposed applications and administrative access significantly enhances security posture and reduces the risk of unauthorized access.

Deep dives

Importance of Cybersecurity Training for Admin Staff

One of the main ideas covered in this podcast episode is the importance of conducting a cybersecurity tabletop exercise with the administrative staff. The host and guest speakers discuss how this exercise can help the staff understand the impact of a cyber event on the school's day-to-day functions. They emphasize that the tabletop exercise can facilitate conversations about response plans, backup systems, emergency contact information, and other critical aspects in case of a cyber attack or disruption. The goal is to educate administrators about potential risks, improve their understanding of technology-related challenges, and enable them to make informed decisions to mitigate potential threats.

The Little Foxes Destroy the Garden

01:20

An Overview of the 18 Major Controls in CIS Framework

01:37

How to Move Into IG2 as Fast as Possible

01:20

Introduction

2min

Sticker Troubles

8min

Casual Conversations: CIS Controls and I G One Standard

5min

Exploring CIS Controls Framework and Benefits of Spreadsheet for Security Functions

16min

Implementing Security Controls

9min

Attending a Conference and Using the IG1 Workbook

8min

New Sponsor and Justifying a Cyber Tabletop Exercise with the Admin Team

3min

Emergency Preparedness in Schools

9min

It was past Josh's bed time when this episode was recorded, so he let's Mark do all the talking. Mark shows off his Google Sheet skills by walking us through the CIS controls, specifically IG1. IG1 was mentioned at the White House Convening on K12 Cybersecurity a few weeks ago and we thought it was a good idea to delve into what that means and how to get started with implementation. Mark also talks about the CIS Workbook to help you rate your current security posted against CIS Controls. After completing the Workbook, you are presented with a report that gives you starting points for your weakest ratings.

Here is a spreadsheet with IG1, IG2 and IG3. For the sake of this episode, we only focused on IG1.

Listen here (and on all major podcast platforms).

Join the K12TechPro.com Community.

Buy our merch!!!

SomethingCool.com

Extreme Networks - Email dmayer@extremenetworks.com

Fortinet - Email fortinetpodcast@fortinet.com

Jupiter - Email Stuart at stuart.miles@jupitered.com

Looking for a new SIS? Here is our general “demo” video:

Jupiter Demo

And learn more here:

Jupiter