Re: CIS Controls

[Lisa Reid <lisa.reid () CYBRIANT COM>]

We're actually looking at CyberSaint to replace the existing GRC software we offer clients.  It has some unique 
features that have really brought it to the lead:
Easy to use interface
Cost to implement control
Cost to organization if control is not satisfied and is compromised
Full NIST 800-30 methodology support
FICO like score that allows you to reach a threshold of security quickly
And other unique features

We're only in trial stages now but, from what we've seen, it's a good product for the price.

Lisa Reid | Cybriant
M: 470-443-1599|  E: lisa.reid () cybriant com




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Michael Perdunn
Sent: Friday, December 7, 2018 8:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CIS Controls


Check out CyberSaint 
(https://www.cybersaint.io/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cybersaint.io%2F&data=02%7C01%7Clisa.reid%40CYBRIANT.COM%7Cb924ee396fc24801a54f08d65c4c047d%7C1a759eb3d3a84dadb8a9d9dc830dff11%7C1%7C0%7C636797878906533643&sdata=l5Ox0EGxauvKoEaPAH8MbhroC7nDTnF%2FSyJP%2F4EEeL0%3D&reserved=0>)
 - Great lightweight GRC tool with CIS controls built right in.
CyberStrong for DFARS NIST SP 800-171 - CyberStrong IRM Software - Cybersecurity Compliance & Risk | 
CyberSaint<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cybersaint.io%2F&data=02%7C01%7Clisa.reid%40CYBRIANT.COM%7Cb924ee396fc24801a54f08d65c4c047d%7C1a759eb3d3a84dadb8a9d9dc830dff11%7C1%7C0%7C636797878906533643&sdata=l5Ox0EGxauvKoEaPAH8MbhroC7nDTnF%2FSyJP%2F4EEeL0%3D&reserved=0>
www.cybersaint.io<http://www.cybersaint.io>
"CyberStrong provides me with a means to effectively measure and communicate our overall compliance posture, AI to 
model my security investments for the best ROI, and information on risk exposure using an industry standard model 
paired with innovative technology.





Michael Perdunn, MA, PMP, CRISC

University of Nebraska at Omaha | unomaha.edu

402.706.8588 (mobile)
mperdunn () unomaha edu<mailto:mperdunn () unomaha edu>

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Irigoyen, Alex <alex_irigoyen () REDLANDS EDU<mailto:alex_irigoyen () REDLANDS EDU>>
Sent: Thursday, December 6, 2018 12:32:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] CIS Controls


For those that are or already have implemented any or all of the 20 CIS controls, I am interested in hearing what 
products/solutions you are using to evaluate and implement those controls. I understand that it is important to start 
with a risk management program but I am just curious as to what solutions have helped when referencing and implementing 
these CIS controls.



Thanks!



Alexander Irigoyen

Network Manager

University of Redlands

909.748.8315