A Look Into CIS Controls

Mar 20, 2024

Logical Net is often asked “What are best practices in cybersecurity, as it can affect every aspect of my business and can be very complex”” and “Where do I start and how do I know I’m doing a good job?”

Engaging with a cybersecurity provider like Logical Net is a very good start. We offer guidance and a strong layer of security products that provides a great foundation. Best-in-class companies, however, own their security posture, rather than leaving it just to their IT vendor.

To own your security stance, we recommend beginning by:

Defining and assigning the role of Security Officer. That person will create & maintain all your security policies and procedures, educate your staff and ensure your policies are followed.

Adopting security safeguards such as CIS Critical Security Controls v8, NIST or SOC2. Unless you have a specific requirement for NIST or SOC2 we recommend starting with CIS Controls as the implementation is not as onerous while giving a very strong level of protection.

Recognizing that cybersecurity is often a multi-year journey where you incrementally improve each year, adapt to new threats and focus on the highest return / biggest impact projects first.

What are CIS Controls

The CIS Controls, developed by the Center for Internet Security (CIS), are a set of cybersecurity best practices designed to help organizations of all sizes improve their security posture and mitigate cyber threats effectively. These controls are organized into three categories: Basic, Foundational, and Organizational, offering a comprehensive framework that addresses various aspects of cybersecurity.

For small and medium-sized businesses (SMBs), implementing CIS Controls can offer several benefits. Firstly, they provide a structured approach to cybersecurity, offering clear guidelines and priorities for addressing potential vulnerabilities. This can be particularly valuable for SMBs with limited resources and expertise in cybersecurity, as it helps you focus your efforts on the most critical areas to protect their assets.

Moreover, adherence to CIS Controls can enhance the overall security posture of an SMB, reducing the risk of data breaches, cyberattacks, and other security incidents. By implementing these controls, SMBs can better safeguard their sensitive information, customer data, and intellectual property, thereby preserving their reputation and trustworthiness among clients and partners.

Additionally, CIS Controls help SMBs achieve compliance with regulatory requirements and industry standards, which is increasingly important in today’s business environment. Compliance with standards such as GDPR, HIPAA, or PCI DSS not only reduces the risk of penalties and fines but also demonstrates a commitment to protecting customer privacy and security, potentially opening doors to new business opportunities and partnerships.

Implementation Challenges

However, there are also some potential challenges and negative impacts associated with implementing CIS Controls for SMBs. One common concern is the cost of implementation and maintenance, and the need for ongoing training and education to ensure staff members understand and adhere to the controls effectively. Moreover, the complexity of some controls may require SMBs to invest in additional resources, such as specialized software or external expertise.

Furthermore, SMBs may face resistance or pushback from employees who perceive the controls as overly restrictive or burdensome. This resistance can hinder the implementation process and undermine the effectiveness of the controls if not addressed properly. Additionally, the ever-evolving nature of cyber threats means that SMBs must continuously update and adapt their security measures to remain effective, which can pose ongoing challenges and demands on their time and resources.


While implementing CIS Controls can offer significant benefits for SMBs in terms of improving cybersecurity and compliance, it is essential for organizations to mitigate the potential challenges and negative impacts involved. By doing so, SMBs can strengthen their security posture, protect their assets, and mitigate cyber risks more effectively in today’s digital landscape.

Book an appointment with one of our team members below to discuss how we can help you in your cybersecurity journey.

Subscribe to our monthly newsletter

* indicates required