CypherCon 2024

Where did your check-box assessment go? It ran somewhere. (Ransomware)

Steve Lawn


 CIS and MITRE created a mapping of CIS Controls to MITRE’s ATT&CK model to help organizations see their weak spots against five threat types, including ransomware. Steve will show how CIS’ risk assessment method helps analysts determine risks associated with those weaknesses to prioritize fixes.

Steve Lawn

CIS Controls

Steve Lawn has been an information technology professional with over twenty years of extensive IT and security experience that includes architecture, engineering, technology evaluations, deployments, and operations across all security domains. As a member of HALOCK’s Governance and Strategy practice, Steve consults with organizations in specialty areas that include identity and access management, cloud security, data scanning, web security, forensics, incident response, and more to keep their systems secure.