The Center for Internet Security, or CIS, presents 20 specific controls as part of its version 7.1. These controls map to most major compliance frameworks such as NIST CST and NIST 800-53, etc. Organizations maintaining compliance with one of these major frameworks can utilize the CIS controls and benchmarks as global standards for internet security and best practices for securing IT systems and data against attacks. Through an independent consensus process, CIS benchmarks provide frameworks to help organizations bolster their cybersecurity.
What can happen to your organization if you fall short in complying with the cyber security framework you’ve selected to adhere to? First and foremost, you could be slapped with fines of up to hundreds of thousands of dollars. In doing so, you’ll likely damage your organization’s reputation and credibility. Most importantly, by foregoing cybersecurity best practices, you run the risk of exposing the personal information of all the clients you serve.