Issue link: https://insights.oneneck.com/i/1199907
oneneck.com/it-security-services 4 Sec on Two Iden fy Your CIS Implementa on Group Make the best use of your resources to mitigate risks. We use the CIS Implementation Group (IG) methodology to help you identify priorities and invest in the controls that will provide the greatest risk reduction for your specific circumstances. Each IG categorizes controls that have been identified as reasonable priorities for organizations with similar risk profiles and resources. This methodology cuts across the CIS Controls to identify those that will most effectively mitigate risks for each IG while taking into consideration any resource constraints. "The biggest threat organiza ons face is not knowing where they are on the security spectrum and how they can improve. Fortunately, CIS Controls address that need." – Andres Torrado, Security Architect, TDS Start your assessment by identifying the IG that best fits your organization. The CIS Controls are tailored to each IG's expected data sensitivity and criticality, staff and contractor technical expertise, and resources that are available and dedicated toward cybersecurity activities. In this e-book, we focus on IG1 and IG2, to help guide SMBs and larger organizations that need security support through the process of understanding and implementing CIS Controls. Implementation Group 1 (IG1) Implementation Group 2 (IG2) Implementation Group 3 (IG3) This group is for small to medium-sized businesses (SMBs). With limited or no IT and cybersecurity experts on staff, SMBs are most concerned with keeping their business running and avoiding unintended downtime. Confidential information is typically business, employee, or financial data that is unique to their organizations. In this group, organizations are typically larger and have dedicated IT employees that support multiple departments with different risk profiles and regulatory compliance requirements. IG2 organizations store and use sensitive company and customer information, and data breaches could cause them significant harm. This group is made up of large organizations that have robust IT and security teams with specialists who focus on different security issues and business needs. These organizations usually possess a wealth of sensitive data that may be subject to regulations across industries and geographies.