Initial Business Jets Corporation Cybersecurity Evaluation
| Top 20 Critical Controls* | Status | Links to: |
|---|---|---|
| 1: Inventory of Authorized and Unauthorized Hardware/Devices | 3 | CASE |
| 2: Inventory of Authorized and Unauthorized Software | 3 | UPDATE |
| 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers | 2 | |
| 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches | 1 | |
| 5: Boundary Defense | 2 | |
| 6: Maintenance, Monitoring, and Analysis of Audit Logs | 2 | |
| 7: Application Software Security | 2 | |
| 8: Controlled Use of Administrative Privileges | 3 | |
| 9: Controlled Access Based on Need to Know | 2 | |
| 10: Continuous Vulnerability Assessment and Remediation | 0 | |
| 11: Account Monitoring and Control | 2 | |
| 12: Malware Defenses | 3 | |
| 13: Limitation and Control of Network Ports, Protocols, and Services | 2 | |
| 14: Wireless Device Control | 2 | |
| 15: Data Loss Prevention | 0 | |
| 16: Secure Network Engineering | 1 | |
| 17: Penetration Tests and Red Team Exercises | 0 | |
| 18: Incident Response Capability | 2 | |
| 19: Data Recovery Capability | 3 | |
| 20: Security Skills Assessment and Appropriate Training to Fill Gaps | 3 | |
| AVG | 1.9 | |

Status scale: 0 - Absent, 1 - Very Poor, 2 - Poor, 3 - Fair, 4 - Good, 5 - Very Good, 6 - Excellent

*SOURCE: https://www.cisecurity.org/controls/ (2018)