A system for assessing and reducing information system operational risk

A cybersecurity framework for medium-sized organizations

The SAM-Security baseline requirements in this system are tailored for organizations that rely on a mixture of internal IT systems, internet, cloud, online services, and email for internal administration and delivery of business operations. These organizations are likely to hold some sensitive or confidential information. Their networks will be moderately complex and require specific skills to manage.

Cybersecurity is important to ensure the confidentiality, availability and integrity of information in medium-sized organizations. Experiencing a cybersecurity event would impact the ability of these organizations to operate and potentially damage their reputation and viability.

SAM-Security provides good coverage of the CIS Critical Security Controls requirements but omits those that frequently cannot be achieved due to the operational scale and resource constraints of medium-sized organizations.

About CIS Controls

The CIS Critical Security Controls (CIS Controls) are a concise, prioritized set of cyber practices created to mitigate today's most pervasive and dangerous cyber attacks.

The CIS Controls are developed, refined, and validated by a community of leading experts from around the world. Organizations that apply just the first five CIS Controls can reduce their risk of cyber attack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.

SAM for Compliance Ltd are CIS Supporters and were a major contributor to the development of CIS Controls Version 7. The CIS Controls used within the SAM-CIS Controls and SAM-Security systems are provided under license from CIS.