This course provides a comprehensive review of the Critical Security Controls for Effective Cyber Defense issued by the Center for Internet Security. These controls developed and enhanced over the years by industry experts and the US military and other government entities represent a risk-based and prioritized approach to cyber security. The controls lay out the consensus from respected industry experts as to the best way to block known attacks and the recommended approaches to find and mitigate damages resulting from successful attacks. Additional focus areas of this course include the applicability of these controls to Internet of Things (IoT), mobile technologies and privacy. Security professionals will gain an in-depth understanding of how to implement these controls; CIOs, auditor and risk management executives will learn how to internalize these controls and assess their effectiveness in their organization.
This course is available on-site at your location, or offered through open enrollment 7/20/20 - 7/22/20.
Learning Objectives
- 1 Overview of Critical Security Controls, Design of controls.
- 2 Common Attacks, Attack types, Attack types by industry, Building Operational Attack Models.
- 3 Relationships Between Critical Security Controls and IT Governance.
- 4 Critical Security Controls Review, CSC 1 and CSC 2 Inventory of authorized and unauthorized devices and software, CSC 3 and CSC 11 Secure configurations for hardware, software and network devices, CSC 9 Limitation and control of network ports, protocols and services, CSC 8 & 12 Malware and boundary defenses, CSC 6 maintenance, monitoring and analysis of audit logs, CSC 4 Continuous vulnerability assessment and remediation, CSC 5, 14, 15, and 16 Controlled use of administrative privileges; controlled access based on need to know wireless access control account monitoring and control, CSC 7 email and web browser protection, CSC 18 application software security, CSC 10 and 13 data recovery capability and data protection, CSC 17 security skills assessment and appropriate training to fill gaps, CSC 19 incident response and management, CSC 20 penetration tests and red team exercises.
- 5. Case Studies as Time Permits.