California Attorney General Concludes that Failing to Implement the Center for Internet Security's (CIS) Critical Security Controls 'Constitutes a Lack of Reasonable Security'

News provided by

Feb 22, 2016, 09:19 ET

ARLINGTON, Va., Feb. 22, 2016 /PRNewswire/ -- A report released this week by California Attorney General Kamala Harris concludes that the CIS Critical Security Controls represent "a minimum level of information security that all organizations that collect or maintain personal information should meet." Further, the report concludes that failing to implement the Controls "constitutes a lack of reasonable security." The report refers to a 2004 California information security law requiring businesses that collect personal information to use "reasonable security practices and procedures."

The CIS Critical Security Controls are a prioritized list of specific and actionable steps to stop today's most pervasive and dangerous cyber attacks. The Controls have been highlighted specifically by an increasing number of agencies and organizations. For example, the U.S. Federal government's 2014 NIST Cybersecurity Framework cites the Controls as one of its informative references. The National Governors Association's 2013 cyber "Call to Action" identifies the Controls as an industry standard "…for…effective cybersecurity practices" and says that compliance with this standard will "provide a baseline to help minimize compromises, recovery, and costs." Zurich Insurance and the Atlantic Council recommend building a solid cybersecurity foundation by implementing the Controls, and Verizon annual data breach report uses the Controls to provide evidence-based recommendations for effective cybersecurity action.

"This statement by the Attorney General of California clearly identifies the importance of the Critical Security Controls to help prevent and rapidly mitigate cyber attacks," said Jane Lute, Chief Executive Officer of CIS.

"The Controls are especially effective because they are built against actual attack data. They are continually updated by a global cybersecurity community of experts to ensure they contain the most important steps to take first to strengthen cyber defenses," said Tony Sager, CIS Senior Vice President.

Learn more: https://www.cisecurity.org/critical-controls.cfm

The Center for Internet Security (CIS) is an independent 501(c)(3) organization dedicated to identifying, validating, promoting, and sustaining best practice in cybersecurity. CIS is home to the CIS Critical Security Controls https://www.cisecurity.org/critical-controls.cfm: CIS Security Benchmarks https://benchmarks.cisecurity.org/and the Multi-State Information Sharing and Analysis Center (MS-ISAC) https://msisac.cisecurity.org/. To learn more, visit CISecurity.org or follow us on Twitter at @CISecurity.

Contact: Barbara Ware
Email
(518) 526 -4525

SOURCE Center for Internet Security