Sveriges mest populära poddar
Cybersecurity Where You Are (audio)

Episode 165: An In-Depth Look at CIS Controls Implementation

52 min10 december 2025

In Episode 165 of Cybersecurity Where You Are, Tony Sager sits down with Valecia Stocchetti, Senior Cybersecurity Engineer at the Center for Internet Security® (CIS®), and Charity Otwell, Director of Critical Security Controls at CIS. Together, they take an in-depth look at implementing the CIS Critical Security Controls® (CIS Controls®), including what you need to know to begin your own CIS Controls implementation efforts.

Here are some highlights from our episode:

  • 00:53. Introductions to Valecia and Charity
  • 02:48. How the CIS Controls ecosystem answers the deeper question of how to implement
  • 06:42. The importance of clear strategy, business priorities, and a realistic timeline
  • 09:56. How the CIS Community Defense Model (CDM) clarifies cyber defense priorities
  • 13:01. The use of calculations around costing to make a security program achievable
  • 15:31. Bringing IT and the Board of Directors together through governance
  • 20:36. "Herding cats" as a metaphor for navigating different compliance frameworks
  • 23:17. Why one prescriptive ask per CIS Safeguard starts cybersecurity workflows
  • 25:30. "Why" vs. "how" communication, accountability, staffing, budget, and continuous improvement as keys to success for CIS Controls implementation
  • 42:03. CIS Controls Assessment Specification as an answer to implementation subjectivity
  • 47:21. Parting thoughts around team effort, change, and CIS Controls Accreditation

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

Fler avsnitt av Cybersecurity Where You Are (audio)

Visa alla avsnitt av Cybersecurity Where You Are (audio)

Cybersecurity Where You Are (audio) med Center for Internet Security finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.