High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, and privacy and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using a vetted cybersecurity control standard. Students will specifically learn how to implement, manage, and assess security control requirements defined by the Center for Internet Security's (CIS) Controls. Students will gain direct knowledge of the CIS Controls and the ecosystem of tools used to implement the CIS Controls across an organization's complex networks, including cloud assets.

Business Takeaways
▐ Efficiently reduce the most important cyber-related risks
▐ Align compliance requirements with security and business goals and solutions
▐ Report the status of cybersecurity defense efforts to senior leadership in clear, business terms
▐ Enjoy peace of mind that your organization has a comprehensive strategy for defense and compliance

Syllabus Summary
SECTION 1: Introduction and Overview of the CIS Critical Controls
SECTION 2: Data Protection, Identity and Authentication, Access Control Management, Audit Log Management
SECTION 3: Server, Workstation, Network Device Protections (Part 1)
SECTION 4: Server, Workstation, Network Device Protections (Part 2)
SECTION 5: Governance and Operational Security

CURRICULUM: Cybersecurity Leadership
SEC566: Implementing and Auditing CIS Controls™

You Will Be Able To
▐ Apply security controls based on actual threats that are measurable, scalable, and reliable in stopping known attacks and protecting your organization's important information and systems
▐ Understand the importance of each control and how it is compromised if ignored
▐ Explain the defensive goals that result in quick wins and increased visibility of network and systems
▐ Identify and use tools that implement controls through automation
▐ Create a scoring tool to measure the effectiveness of each control
▐ Employ specific metrics to establish a baseline and measure the effectiveness of security controls
▐ Competently map CIS Controls to compliance and standards such as PCI-DSS, the NIST Cybersecurity Framework (CSF), ISO 27000, and more
▐ Audit each of the CIS Controls with specific, proven templates, checklists, and scripts provided to facilitate the audit process

Who Should Attend
▐ Information Assurance Auditors
▐ System Implementers or Administrators
▐ Compliance Analysts
▐ IT Administrators
▐ Department of Defense (DoD) personnel or contractors
▐ Federal agencies or clients
▐ Private sector organizations looking to improve information assurance processes and secure their systems
▐ Security vendors and consulting groups looking to stay current with frameworks for information assurance

NICE Framework Work Roles
▐ Security Control Assessor (SP-RSK-002)

"SEC566 was very valuable for me. I thought I knew about security controls but this course has shown me that all I knew was the basics. I now have in-depth knowledge in this area."
—Keri Powell, Textron

"After attending this class, I now have this rejuvenated desire to get back to work, tweak my vulnerability scanner, and run my scans."
—Jason Hinojosa, Rush Enterprises

Course Author: Brian Ventura
GCCC Critical Controls: giac.org/gccc
5 Day Program, 30 CPEs, 17+ Labs
For a detailed course description, visit SANS.ORG/SEC566

WAYS TO TAKE SEC566
▐ Live Online
▐ In-Person
▐ OnDemand