The Center for Internet Security Controls, or CIS Controls, have become an industry standard that helps businesses and organizations of all sizes maintain a consistent baseline of cybersecurity controls.

The 153 Safeguards, which are found in the 18 Controls, are a foundation for protecting your technology and data. They are not rocket science, and you can start implementing the majority of them today.

Follow along as I outline and simplify the safeguards as we work together and SecureIT.

Yesterday we reviewed Safeguard 1.1 on establishing a detailed asset inventory; today let's review 1.2, "Addressing Unauthorized Assets".

For all 3 Implementation Groups, we need to ensure that a process exists to address unauthorized assets at least weekly. You can choose to remove the asset from the network, deny the asset from connecting remotely, or quarantine it.

Shadow IT assets, meaning assets that are unknown to you, pose serious risks to your network security and data security.

This is the first safeguard that is a documented process. As long as you maintain a log of a manual weekly review of DHCP leases, you can probably check this off. But manual processes make mistakes and missed devices likely.

First, I would ensure that any live network jacks are disabled if they are not being used. Second, ensure only work-owned devices are permitted access to the corporate wireless networks (any personal devices should always access the guest network). If you have every MAC address documented, you could maintain a whitelist of MAC addresses allowed on the network.

I've also seen Liongard's Network Discovery inspector used to scan the network every 8 hours and notify when a change occurs. Enterprise network infrastructure like switches and firewalls also may have discovery tools to help identify Shadow IT assets.

Once you have a process for identifying when new devices connect, you decide whether an unauthorized device is removed, denied, or quarantined. If you're doing MAC address filtering at the infrastructure level, you build that into the policy: if a device is not one of the listed addresses, it's denied access. If you're doing it manually, what you need to document is how you locate and remove the asset.
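The weekly DHCP lease review and the MAC whitelist comparison described above can be scripted so the review log is produced the same way every week. The script below is an added example, not part of the original post: it assumes an ISC dhcpd-style lease file, and the leases, inventory, and function names are constructed for illustration.

```python
import re
from datetime import date
# Constructed sample: ISC dhcpd.leases text (assumed DHCP server); a renewal repeats a lease.
SAMPLE_LEASES = '''
lease 10.0.0.21 {
  hardware ethernet 3c:52:82:aa:10:01;
}
lease 10.0.0.37 {
  hardware ethernet de:ad:be:ef:00:37;
  client-hostname "android-7f3a";
}
lease 10.0.0.40 {
  hardware ethernet 00:1b:63:84:45:e6;
}
lease 10.0.0.37 {
  hardware ethernet de:ad:be:ef:00:37;
  client-hostname "android-7f3a";
}
'''
AUTHORIZED = {"3C-52-82-AA-10-01", "001b.6384.45e6"}  # constructed 1.1 inventory, mixed notations
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_leases(text):
    """Yield (ip, mac, hostname) for each lease block that records a MAC."""
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet\s+([0-9A-Fa-f:]+);", body)
        host = re.search(r'client-hostname\s+"([^"]*)"', body)
        if mac:
            yield ip, norm_mac(mac.group(1)), host.group(1) if host else "(none)"

def weekly_review(lease_text, authorized, reviewed_on):
    """Return one log row per MAC that holds a lease but is not in the inventory."""
    known = {norm_mac(m) for m in authorized}
    rows = {}
    for ip, mac, host in parse_leases(lease_text):
        if mac not in known:  # keyed by MAC, so a renewal overwrites the older entry
            rows[mac] = {"reviewed": reviewed_on.isoformat(), "ip": ip, "mac": mac,
                         "hostname": host, "action": "PENDING"}  # remove, deny or quarantine
    return list(rows.values())

if __name__ == "__main__":
    print(*weekly_review(SAMPLE_LEASES, AUTHORIZED, date.today()), sep="\n")
```

Append the returned rows to the review log and replace `PENDING` with the action taken. Because a device can change its own MAC address, a match confirms the inventory entry but does not authenticate the device.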

Need help getting started with your Policy? Download an Asset Management Template here!

Join the conversation on LinkedIn - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-safeguards-secureit-activity-7067523468942008320-M8QS?utm_source=share&utm_medium=member_desktop 

Contact Info

717.884.9030

Scott@ScottRDavis.com