Security Controls

Relevant security controls from major frameworks:

CIS Critical Security Controls® v8.0

14.1 Establish and Maintain a Security Awareness Program
Asset Type: N/A | Security Function: Protect
Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
14.2 Train Workforce Members to Recognize Social Engineering Attacks
Asset Type: N/A | Security Function: Protect
Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating. 
14.4 Train Workforce on Data Handling Best Practices
Asset Type: N/A | Security Function: Protect
Train workforce members on how to identify and properly store, transfer, archive, and destroy sensitive data. This also includes training workforce members on clear screen and desk best practices, such as locking their screen when they step away from their enterprise asset, erasing physical and virtual whiteboards at the end of meetings, and storing data and assets securely.
14.6 Train Workforce Members on Recognizing and Reporting Security Incidents
Asset Type: N/A | Security Function: Protect
Train workforce members to be able to recognize a potential incident and be able to report such an incident. 
Attribution

Copyright Notice
© 2025 Center for Internet Security, Inc. ("CIS"). All rights reserved.

License
This product/service incorporates the CIS Critical Security Controls® with the express permission of the Center for Internet Security, Inc. Use of the CIS Controls in this commercial offering is authorized under a commercial license granted by CIS.

Trademark Notice
"CIS®" and "CIS Critical Security Controls®" are registered trademarks of the Center for Internet Security, Inc. and are used under license.

Source Reference
The original CIS Critical Security Controls are available, free of charge for non-commercial use, at: https://www.cisecurity.org/controls.

Disclaimer
CIS does not endorse, certify, or warrant this product/service. Any views or interpretations are those of Paranoid Cybersecurity, not CIS.