Dukes of CIS points to recently enacted legislation in Ohio and 2017 in California that establishes legal
protections for organizations that have implemented an established security framework, such as the CIS
Critical Security Controls, should the organization suffer a data breach.
“If a data breach gets litigated or adjudicated in a court of law, you want to be able to demonstrate to a
judge or jury that you had reasonably implemented and followed a security best practice framework,”
says Dukes.
Although many of the security frameworks are still voluntary in the commercial sector, Dukes has seen
increased adoption from forward-thinking organizations in the retail, IT consulting and academia sectors.
“In the near future, more security frameworks are going to move from being voluntary to mandated,”
explains Dukes. “Organizations should spend time getting educated and starting the process toward
more effective cyber defense now, and not wait until it is mandated. There is too much at stake.”
For more information about ConfigOS from SteelCloud call (703) 674-5500; or visit http://www.steelcloud.com.
About the Author
Jeff Elliott is a Torrance, Calif.-based technical writer. He has researched and
written about industrial technologies and issues for the past 20 years. For
more information about ConfigOS from SteelCloud please contact them at
703 - 674 - 5500; or visit them online at http://www.steelcloud.com.