CIS RAM (Center for Internet Security® Risk Assessment Method) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM, a free tool, provides step-by-step instructions, examples, templates, and exercises for conducting a cyber risk assessment.
“The CIS RAM is a powerful tool to guide the prioritization and implementation of the CIS Controls, and complements their technical credibility with a sound business risk-decision process,” said Tony Sager, Senior Vice President and Chief Evangelist at CIS. “We see the CIS RAM as a method that organizations of all maturity levels can use.”
CIS RAM was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. HALOCK and CIS collaborated to bring the methods to the public as CIS RAM in 2018. CIS is a founding member of the DoCRA Council that maintains the risk analysis standard that CIS RAM is built upon.
What you will learn:
- How to conduct cyber risk assessments so they meet the requirements of established information security risk assessment standards, legal authorities, and regulators with step-by-step instructions, templates, and examples.
- What is considered “reasonable” uses of the CIS Controls to address the mission, objectives, and obligations of each environment.
- Find the balance of what regulators and judges look for to determine whether an organization has been reasonable.
- Tony Sager, CIS Senior Vice President, and Chief Evangelist
- Phil Langlois, CIS Controls Technical Product Manager
- Chris Cronin, Partner – HALOCK Security Labs
- Paul Otto, Attorney – Hogan Lovells LLC