Video: Center for Internet Security (CIS) Controls

In this lesson, Nick Palazzolo, CPA, dives into the comprehensive set of best practices outlined by the Center for Internet Security to safeguard organizations from prevalent cyber threats. He methodically walks through various controls such as inventory and control of both hardware and software assets, continuous vulnerability management, and secure configuration for mobile and stationary devices. Each control is explained in detail to ensure thorough understanding of how proper implementation can fortify an organization's network. Nick emphasizes the importance of administrative privileges management, audit log analysis, and protections for email and web browsing to prevent unauthorized access and cyber attacks. Additionally, he covers advanced topics like malware defense, network port management, and data recovery strategies to enhance organizational resilience against sophisticated threats. By the end of the lesson, the robustness of the CIS controls is highlighted, providing a strong framework for cybersecurity compliance and protection.

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

SysControls, let's talk about each control under the Center for Internet Security. So again, all of these entities, whether it's the government, it's the NIST, the Centers for Internet Security, they all come out with their own frameworks, regulations, standards. Now, these controls were developed to be a set of best practices designed to help organizations protect against the most prevalent cyber threats. So again, that's just kind of my real world take on it. It's just, everyone wants to come up, you know, the AICPA, I'm sure has a, you know, well, obviously they have a framework. The PCAOB has their own framework. Every organization or entity wants to have their own framework to have a claim to fame to something, right? Say, oh, look at us, we developed that. We're so wonderful. So let's just, this is just another one, another set of rules by another organization. This one is the Center for Internet Security. So an overview of each of the controls. So for inventory and control of hardware assets, you want to track, control, and manage all hardware devices to ensure only authorized devices have network access. For inventory and control of software assets, you want to keep an inventory and manage all software utilized, ensuring only authorized software is installed and used. For continuous vulnerability management, you want to continuously acquire, assess, and act on new information to identify vulnerabilities and remediate them promptly. Next up, controlled use of administrative privileges. You want to manage and control admin privileges, making sure that only authorized individuals have access to critical systems and information. You also want to secure configuration for hardware and software on mobile devices, laptops, workstations, and servers. So establish, implement, and manage security configurations for all devices. You want to reduce vulnerabilities and

Unlock the full video transcript and subtitles support with a free account!

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Regulations, Standards and Frameworks

Module: 3 Concepts, 41 Videos

Internal Control Frameworks Overview and Objectives

3:45

Introduction to Internal Control Frameworks

5:36

Corporate Structure

2:01

Components of the COSO Internal Control Integrated Framework