Posts by Caspian Kilkelly

7 min Higher Education

Defining Cybersecurity Risk for Higher Education

Educational institutions and other organizations have similar cybersecurity risk profiles, but there are a few very specific areas that differ.

6 min Malware

The CIS Critical Controls Explained- Control 8: Malware Defenses

This is a continuation of our CIS critical security controls [/2017/04/19/the-cis-critical-security-controls-series] blog series. Workstations form the biggest threat surface in any organization. The CIS Critical Security Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] include workstation and user-focused endpoint security in several of the controls, but Control 8 (Malware Defenses) is the only control to strictly focus on antivirus and malware across the organization.

5 min CIS Controls

The CIS Critical Controls Explained - Control 7: Email and Web browser protection

This blog is a continuation of our blog post series around the CIS Critical Controls [/2017/04/19/the-cis-critical-security-controls-series]. The biggest threat surface in any organization is its workstations. This is the reason so many of the CIS Critical Security Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] relate to workstation and user-focused endpoint security. It is also the reason that workstation security is a multibillion-dollar industry [http://www.gartner

4 min CIS Controls

The CIS Critical Security Controls Explained - Control 1: Inventory and Control of Hardware Assets

The Rapid7 Security Advisory Service relies heavily on the CIS top 20 critical controls as a framework for security program analysis because they are universally applicable to information security and IT governance. Correct implementation of all 20 of the critical controls greatly reduces security risk, lowers operational costs, and significantly improves any organization's defensive posture. The 20 critical controls are divided into Basic, Foundational, and Organizational families, and each con

4 min CIS Controls

The CIS Critical Security Controls Explained - Control 2: Inventory and Control of Software Assets

As I mentioned in our last post, the 20 critical controls [https://www.rapid7.com/solutions/compliance/critical-controls/] are divided into Basic, Foundational, and Organizational families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch, but want to apply all 20 of the controls. The first two controls of the Center for Internet Security's (CIS) Critical Controls are