Cavirin > Case Studies > Center for Internet Security Critical Security Controls v.6.0

Center for Internet Security Critical Security Controls v.6.0

Company Size

1,000+

Region

America

Country

United States

Product

Cavirin’s Automated Risk Analysis Platform (ARAP™)

Tech Stack

Cloud Native platform
AWS
Azure
GCP (Google Cloud Platform)

Implementation Scale

Enterprise-wide Deployment

Impact Metrics

Cost Savings
Digital Expertise
Productivity Improvements

Technology Category

Cybersecurity & Privacy - Cloud Security
Cybersecurity & Privacy - Database Security
Cybersecurity & Privacy - Network Security

Applicable Industries

Finance & Insurance
Healthcare & Hospitals

Applicable Functions

Discrete Manufacturing
Logistics & Transportation

Use Cases

Cybersecurity
Regulatory Compliance Monitoring
Remote Asset Management

Services

Cloud Planning, Design & Implementation Services
Cybersecurity Services
Data Science Services

About The Customer

The customer in this case study is not explicitly mentioned. However, the article implies that the customers are organizations that are facing challenges in the face of increasing cyber threats. These organizations could be from various industries, including but not limited to finance, insurance, healthcare, and hospitals. They are likely to be large organizations with a significant dependency on technology and third parties. These organizations are struggling with assessing and documenting cyber risk, controlling data exfiltration, and understanding the role of government and information custody. They are also facing challenges with external controls assessment and are often failing due to improper security settings, incorrect configurations, low levels of encryption, or poor policies and procedures.

The Challenge

The article discusses the challenges faced by organizations in the face of increasing cyber threats. These include the difficulty in assessing and documenting cyber risk, the rapid pace of technology which increases dependency on third parties, and the inability of IT to trace or control data exfiltration. The role of government and information custody is often misunderstood, and findings in audit reports can become barriers to business. In today’s cloud economy, customer due diligence has become a mandate. The article also highlights the importance of complying with the Center for Internet Security’s Critical Security Controls (CIS CSC v6.0), which are updated by cyber experts based on actual attack data from various public and private threat sources.

The Solution

The solution proposed in the article is Cavirin’s Automated Risk Analysis Platform (ARAP™). This platform assists Chief Risk & Security, as well as IT and DevOps leadership in gathering configuration data used to address their top security and compliance challenges. These challenges include settings that indicate missing patches for operating systems and applications, monitoring and detecting sensitive data loss (data exfiltration), locating policies that enable weak passwords, lack of logs and audit trails necessary to conduct forensics, security validation for new systems, missing or outdated anti-malware technology, settings that enable encryption of sensitive information in transit, and the information necessary to remediate deficiencies that would otherwise be impossible to manage due to the lack of trained staff maintaining security controls. The platform is a Cloud Native platform supporting 12-factor patterns and works with Private, Hybrid, and Public Clouds and Support AWS, Azure, GCP (Google Cloud Platform).

Operational Impact

Continuous testing over controls could prevent costs in business disruption, time-consuming client discussion, or lost business opportunities.
Review and response to address recommended fix actions allows timely remediation to found problems.
Rapid completion of unnecessarily disruptive SOC 2 audit events.