{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T14:56:36Z","timestamp":1773932196628,"version":"3.50.1"},"reference-count":26,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,6,30]]},"DOI":"10.23919\/contel52528.2021.9495982","type":"proceedings-article","created":{"date-parts":[[2021,7,30]],"date-time":"2021-07-30T20:55:17Z","timestamp":1627678517000},"page":"122-128","source":"Crossref","is-referenced-by-count":12,"title":["A Critical View on CIS Controls"],"prefix":"10.23919","author":[{"given":"Stjepan","family":"Gros","sequence":"first","affiliation":[]}],"member":"263","reference":[{"key":"ref10","article-title":"A History of the CIS 20 Critical Security Controls","author":"ortmann","year":"2018"},{"key":"ref11","article-title":"The cis critical security controls for effective cyber defense &#x2014; Wikipedia, the free encyclopedia","year":"2019"},{"key":"ref12","article-title":"ISO\/IEC 27001:2013 Information technology &#x2013; Security techniques &#x2013; Information security management systems &#x2013; Requirements","year":"2013"},{"key":"ref13","article-title":"Draft recommended security controls for federal information systems (2003)","year":"2018"},{"key":"ref14","article-title":"Framework for improving critical infrastructure cybersecurity, version 1.1","year":"2018"},{"key":"ref15","article-title":"Payment card industry data security standard: Requirements and security assessment procedures, version 3.2.1","year":"2018"},{"key":"ref16","article-title":"The 20 controls that aren&#x2019;t","author":"tomhave","year":"2011"},{"key":"ref17","article-title":"CIS RAM - Center for Internet Security &#x00AE; Risk Assessment Method (Version 1.0)","year":"2018"},{"key":"ref18","article-title":"CIS Controls: Implementation Guide for Small- and Medium-Sized Enterprises (SMEs)","year":"2019"},{"key":"ref19","article-title":"Argument from authority &#x2014; Wikipedia, the free encyclopedia","year":"2019"},{"key":"ref4","article-title":"SEC440: Critical Security Controls: Planning, Implementing, and Auditing","year":"0"},{"key":"ref3","article-title":"SEC566: Implementing and Auditing the Critical Security Controls - In-Depth","year":"0"},{"key":"ref6","article-title":"CIS Controls, Version 7.1","year":"2019"},{"key":"ref5","article-title":"CIS Controls","year":"0"},{"key":"ref8","article-title":"CIS Controls Internet of Things Companion Guide, Version 7.1","year":"2019"},{"key":"ref7","article-title":"CIS Controls Cloud Companion Guide, Version 7","author":"carpenter","year":"2019"},{"key":"ref2","article-title":"SANS","year":"0"},{"key":"ref9","article-title":"SANS Institute - CIS Critical Security Controls: A Brief History","year":"0"},{"key":"ref1","article-title":"CIS &#x2013; Center for Internet Security","year":"0"},{"key":"ref20","article-title":"Finding cyber threats with attack-based analytics","author":"strom","year":"2017","journal-title":"Technical Report MTR170202 MITRE Tech Rep"},{"key":"ref22","article-title":"Applying center for internet security ics cybersecurity controls (blog post)","author":"cahill","year":"2018"},{"key":"ref21","article-title":"Best practice | definition of best practice by merriam-webster","year":"0"},{"key":"ref24","article-title":"Final report: Consensus cyber security controls","year":"2013","journal-title":"Tech Rep"},{"key":"ref23","article-title":"The 85\/20 rule of cyber security","author":"moloney","year":"2019"},{"key":"ref26","article-title":"Real-World Case Study: The Overloaded Security Professional&#x2019;s Guide to Prioritizing Critical Security Controls","author":"bosco","year":"2016","journal-title":"GIAC (GCCC) Gold Certification"},{"key":"ref25","article-title":"Home &#x2013; Resources &#x2013; Topic: CIS Controls &#x2013; Type: Case Studies","year":"0"}],"event":{"name":"2021 16th International Conference on Telecommunications (ConTEL)","location":"Zagreb, Croatia","start":{"date-parts":[[2021,6,30]]},"end":{"date-parts":[[2021,7,2]]}},"container-title":["2021 16th International Conference on Telecommunications (ConTEL)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9495953\/9495954\/09495982.pdf?arnumber=9495982","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,26]],"date-time":"2021-10-26T21:10:42Z","timestamp":1635282642000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9495982\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,30]]},"references-count":26,"URL":"https:\/\/doi.org\/10.23919\/contel52528.2021.9495982","relation":{},"subject":[],"published":{"date-parts":[[2021,6,30]]}}}