Center for Internet Security Releases 2013 Annual Report and Outlook for 2014

PRESS RELEASE

East Greenbush, N.Y. – June 19, 2014 – The Center for Internet Security (CIS) announced
today the release of its 2013 annual report, available for download at
http://www.cisecurity.org/about/. The report highlights CIS’ continued momentum as a thought
leader and driving force for improving cyber security in the public and private sectors.

“We are seeing unprecedented growth in cyber incidents and that trend will only increase as we
move more of our personal and professional lives online,” said William Pelgrin, CIS president
and CEO. We are incredibly proud of our accomplishments this year, however there is still much
to be done. We look forward to working with our partners to collectively move the bar of
preparedness ever higher.”

In 2013 CIS built upon its highly successful collaborative model to expand partnerships in two
vitally important areas. In the first, CIS facilitated significant enhancements to intelligence
gathering and information sharing with the creation of a new partnership with the fusion centers
and state governors’ homeland security advisors across the United States. CIS is now sharing
vital strategic and operational intelligence with these communities. The nonprofit organization
also launched a program to develop a framework for all fusion centers on how to integrate cyber
security into their areas of responsibility. Fusion centers are located in states and major U.S.
urban areas, serving as state and local government focal points for threat-related information
sharing and analysis. In addition, CIS expanded its focus on protection for the critical
infrastructure sectors by inviting these organizations to co-locate staff with the CIS Integrated
Intelligence Center to further facilitate readiness and response efforts.

CIS partnered with the U.S. Department of Homeland Security (DHS), the National Association
of State Chief Information Officers (NASCIO) and the National Association of Counties (NACo)
to conduct the Nationwide Cyber Security Review, an extensive, voluntary survey to assess the
level of cyber security preparedness and resilience within state, local, tribal and territorial
(SLTT) governments. All 50 states participated in the 2013 survey, an 86% increase from the
inaugural survey conducted in 2011. This level of participation signifies the growing awareness
and importance of cyber security, and is extremely valuable in developing a comprehensive
picture of the current threat landscape and the identification of key priorities.

As an important step in helping SLTT governments address cyber challenges, CIS expanded its
Managed Security Services (MSS) Program that provides real-time security monitoring.
Beginning in 2014, CIS, through its partnership with DHS, will grow the MSS program to
include all 50 states and U.S. territories, helping them strengthen their security infrastructures
and adopt the NIST Cyber Security Framework.

CIS’ collaborative approach extends to international relationships as well, including
participation in a NATO program focused on achieving a stronger cyber defense posture. The
initiative comprises a multi-disciplinary team of experts from 16 countries and three
international institutions. In addition, CIS is furthering efforts for the availability of open
standards-based security automation specifications and content to the international community.
In 2013, CIS expanded its catalogue of resources for the global community through the release of new and updated security guidance (benchmarks), enhanced features to the automated
Configuration Assessment Tool (known as CIS-CAT), and other consensus-based products. CIS
will continue its collaborative initiative launched in 2013 to develop practical solutions that
strengthen the security of mobile medical devices and network connected health care systems.

Attention will also be given to other areas of critical need outside the healthcare sector.
CIS has earned a reputation for its consensus-based resources, which are widely used to attain
compliance with a number of recognized security standards. In 2013, CIS handled a 44%
increase in the number of vendor software products that are certified to meet CIS’ industryaccepted, internationally recognized secure configuration standards. Certification by CIS
demonstrates a company’s strong commitment to consensus-based configuration security
recommendations.

To learn more about how CIS is improving cyber security and plans for 2014, please visit the
website at CISecurity.org or download its annual report at http://www.cisecurity.org/about/

About the Center for Internet Security
The Center for Internet Security (CIS) is a 501c3 nonprofit organization focused on enhancing
the cyber security readiness and response of public and private sector entities, with a
commitment to excellence through collaboration. CIS produces consensus-based, best practice
secure configuration benchmarks and security automation content, and serves as the key cyber
security resource for state, local, territorial and tribal governments, including chief information
security officers, homeland security advisors and fusion centers. CIS provides products and
resources that help partners achieve security goals through expert guidance and cost-effective
solutions. To learn more please visit cisecurity.org or follow us at @CISecurity.
Contact:
Krista Montie
The Center for Internet Security
518-266-3460
[email protected]
Liz Grimes
Overit for The Center for Internet Security
518-465-8829 x 213
[email protected]