Initial Business Jets Corporation Cybersecurity Evaluation
return to main Initial Business Jets Corporation Cybersecurity Evaluation
Top 20 Critical Controls* Status Links to:
1: Inventory of Authorized and Unauthorized Hardware/Devices  3 CASE
2: Inventory of Authorized and Unauthorized Software  3 UPDATE
3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers  2
4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches  1
5: Boundary Defense  2
6: Maintenance, Monitoring, and Analysis of Audit Logs  2
7: Application Software Security  2
8: Controlled Use of Administrative Privileges  3
9: Controlled Access Based on Need to Know  2
10: Continuous Vulnerability Assessment and Remediation  0
11: Account Monitoring and Control  2
12: Malware Defenses  3
13: Limitation and Control of Network Ports, Protocols, and Services  2
14: Wireless Device Control  2
15: Data Loss Prevention 0
16: Secure Network Engineering  1
17: Penetration Tests and Red Team Exercises  0
18: Incident Response Capability  2
19: Data Recovery Capability  3
20: Security Skills Assessment and Appropriate Training to Fill Gaps  3
0 - Absent - 1 - Very Poor  2 - Poor  3 - Fair  4 - Good 5 - Very Good  6 - Excellent                                 AVG 1.9
*SOURCE: https://www.cisecurity.org/controls/   (2018)