Center for Internet Security (CIS) releases new community defense model for cybersecurity
The Center for Internet Security, Inc. (CIS®) released its Community Defense Model (CDM). The model shows that the CIS Controls® (Controls) – a prioritized and prescriptive set of safeguards that mitigate the most common cyberattacks against systems and networks – mitigate approximately 83 percent of all attack techniques found in the MITRE ATT&CK Framework. Furthermore, Implementation Group 1 (IG1) of the Controls, the definition of Basic Cyber Hygiene, provide mitigation against the attack techniques found in the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware. This is a critical finding for both public and private sector organizations that have been facing a rapid increase in cyber-attacks, especially ransomware, over the last several years.
The CDM maps the Controls to the MITRE ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) Framework, and describes how data sources are used to support the mapping to specific Controls and their associated Sub-Controls (Safeguards). The CDM also formalizes the documentation of the specific attack patterns mitigated by the Controls to include: web-application hacking, insider and privilege misuse, malware, ransomware, and targeted intrusions.