On November 14, 2024, the Center for Internet Security announced that CorpInfoTech has become the first organization to receive CIS Controls accreditation under CREST.
CorpInfoTech has been a strong proponent of the CIS Critical Security Controls since their inception in 2008. For over a decade the controls have guided how we perform security assessments and implement our various security services. Not only do we use the CIS controls as a north star for securing customers, but we implement the very same controls within our own IT and security infrastructure.
Currently in its 8th version, the CIS Controls are made up of 18 processes and controls that any organization can implement into their security posture to address the most common threats to enterprises. The controls are designed to be a "prescriptive, prioritized, highly focused set of actions that have a community support network to make them implementable, usable, scalable, and in alignment with all industry or government security requirements". Through our accreditation with CREST, CorpInfoTech is proud to continue our relationship with CIS to provide comprehensive security assessments and services to a historically under resourced sector.
"With this accreditation, CorpInfoTech is pleased to deepen its relationship and alignment with CIS and the Controls program as a whole. The recognition by CREST solidifies CorpInfoTech's leadership in the space, providing one of the most robust, valuable, and widely applicable risk-informed assessment work products in the industry. Together, this partnership will further allow CIS and CorpInfoTech to continue innovation and deliver one of the most consistent risk-informed security assessment products available anywhere by organizations of all sizes and complexities". - Lawrence Cruciana, Founder, President of CorpInfoTech
You can read the Center for Internet Security's full statement and press release here!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services, including security assessment, cybersecurity penetration tests, managed services (MSP), firewall management, and vulnerability management. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.