{"title":"对CIS控制的批判观点","authors":"Stjepan Gros","doi":"10.23919/ConTEL52528.2021.9495982","DOIUrl":null,"url":null,"abstract":"CIS Controls are a set of 20 controls and 171 sub-controls that were created with an idea of having a list of specific controls to implement so that organizations can increase their security. While good in theory, it is a big question of how viable this approach is in practice, and does it really help. There is only a minor number of critical views of CIS Controls and since CIS Controls are marketed by two very influential organizations they are very popular. Yet, there are alternatives published by ISO, NIST and even PCI consortium. In this paper we critically assess CIS Controls, assumptions on which they are based as well as validity of approach and claims made in its favor. The conclusion is that scientific community should be more active regarding this topic, but also that more data is necessary. This is something that CIS and SANS should support if they want to make CIS Controls viable alternative to other approaches.","PeriodicalId":269755,"journal":{"name":"2021 16th International Conference on Telecommunications (ConTEL)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A Critical View on CIS Controls\",\"authors\":\"Stjepan Gros\",\"doi\":\"10.23919/ConTEL52528.2021.9495982\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"CIS Controls are a set of 20 controls and 171 sub-controls that were created with an idea of having a list of specific controls to implement so that organizations can increase their security. While good in theory, it is a big question of how viable this approach is in practice, and does it really help. There is only a minor number of critical views of CIS Controls and since CIS Controls are marketed by two very influential organizations they are very popular. Yet, there are alternatives published by ISO, NIST and even PCI consortium. In this paper we critically assess CIS Controls, assumptions on which they are based as well as validity of approach and claims made in its favor. The conclusion is that scientific community should be more active regarding this topic, but also that more data is necessary. This is something that CIS and SANS should support if they want to make CIS Controls viable alternative to other approaches.\",\"PeriodicalId\":269755,\"journal\":{\"name\":\"2021 16th International Conference on Telecommunications (ConTEL)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 16th International Conference on Telecommunications (ConTEL)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/ConTEL52528.2021.9495982\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 16th International Conference on Telecommunications (ConTEL)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ConTEL52528.2021.9495982","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
CIS Controls are a set of 20 controls and 171 sub-controls that were created with an idea of having a list of specific controls to implement so that organizations can increase their security. While good in theory, it is a big question of how viable this approach is in practice, and does it really help. There is only a minor number of critical views of CIS Controls and since CIS Controls are marketed by two very influential organizations they are very popular. Yet, there are alternatives published by ISO, NIST and even PCI consortium. In this paper we critically assess CIS Controls, assumptions on which they are based as well as validity of approach and claims made in its favor. The conclusion is that scientific community should be more active regarding this topic, but also that more data is necessary. This is something that CIS and SANS should support if they want to make CIS Controls viable alternative to other approaches.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
