Implementing CIS Critical Security Controls for Organizations on a Low-Budget

Small and medium size businesses have a lower chance of detecting and preventing cyber-attacks due to the high cost associated with adopting the latest security solutions and frameworks. This thesis presents a potential approach to implement most of the CIS Critical Security Controls without the need to dedicate a large budget to acquire commercial security solutions. An organization can adopt open source security solutions along with Windows built-in tools to cover most of the CIS controls if the organization implemented the policies and procedures necessary for each control. Any organization including small and medium size business can start improving their security posture by utilizing the cost-effective solutions mentioned throughout this research.