Case studies

Improving Cyber Security Readiness by Achieving Maturity Across CIS Top 20 Controls

About the client

The executive team of a leading technology and services company was looking to secure its assets from any possible cyber-attacks. The employees would work on various projects for the customers and had a range of assets like laptops, servers, USBs, smartphones, and other devices. The employees would work from different locations, and managing and maintaining security standards was complex. 

Rather than debating which security standards best fit the situation, the leadership decided to go with the CIS Controls and approached us to help execute. The CIS Top 20 Controls helped the client achieve the required security standards quickly and saved the time of starting from scratch.

Overview

One of our clients needed help with cyber security readiness and the CIS Top 20 Security Controls implementation. Implementing the CIS Top 20 at scale was new for the client, and the company wanted to strengthen its defenses against cyber-attacks, achieve compliance, and maintain security levels.

Business Challenge

Inconsistent Risk Management

The client evaluated multiple vendors before selecting us for the project. However, vendor assessment and evaluation took too much time and effort. Without automation in the collection and analysis of vendor surveys, the process was cumbersome and manual. Ultimately, we were selected for the client's CIS Top 20 project because of our long-standing relationship and our approach to the overhaul of security standards.

One of the biggest challenges at hand was centralizing third-party risk management functions. The customer worked with multiple vendors and third-party service providers and was looking to extend the CIS standards to those relationships and transactions. One of the goals of this entire exercise was minimizing inconsistent vendor risk management methodologies.

Our Approach and Solution

With the implementation of the CIS Top 20 Controls, we were able to gain our client's confidence and trust, as well as strengthen their market position. There are numerous reasons why CIS Top 20 Controls implementation is critical for businesses. CIS hardening contributes to the protection of your environment from both internal and external threats.

 

Highlights

What is CIS Top 20

The Center for Internet Security (CIS) has issued best practices for organizations to improve security and protect against threats and internet incidents. It aims to create safe, secure, and reliable standards of protection for technology systems against data breaches and attacks. The CIS Controls, also known as the CIS Top 20, lay the foundation for a cybersecurity program. Here are the inclusions in CIS Top 20 and what it mandates as part of security controls:

  • Device inventory (authorized and unauthorized) 
  • Software inventory (authorized and unauthorized) 
  • Hardware and software security configurations 
  • Continuous assessment and remediation of vulnerabilities 
  • Use of administrative privileges under control 
  • Audit log upkeep, monitoring, and analysis 
  • Email and web browser security 
  • Malware protection 
  • Control and limitation of network ports, protocols, and services 
  • Capability for data recovery 
  • Network device security configurations 
  • Data protection at the boundary
  • Wireless access control
  • Account monitoring and control
  • Controlled access based on needs
  • Addressing security knowledge gaps through assessment and appropriate training
  • Security incident response and management
  • Penetration tests and red team exercises for application software

Business Impact

CIS Top 20 has produced several outcomes for the customer. We laid out step-by-step instructions for protecting every aspect of the IT infrastructure and maintaining and updating it regularly.


With a versatile framework for safely implementing digital transformation initiatives and deploying new cloud services, the client was more ready than ever to kick-start some of its technology initiatives. Simple-to-implement configurations increase operational efficiency and sustainability for the customer.


The CIS Controls implementation has given IT and security management, engineers, and end users comfort and confidence.