* All fees are exclusive of vat
** PREMIUM - Customize your learning experience
This training will teach you how to master the specific techniques and tools needed to implement and audit the Critical Controls. It will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats. The course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.
What Do Participants Learn?
Apply a security framework based on actual threats that is measurable, scalable, and reliable in stop- ping known attacks and protecting organizations' important information and systems
Understand the importance of each control, how it is compromised if ignored, and explain the defesive goals that result in quick wins and increased visibility of network and systems
Identify and utilize tools that implement controls through automation
Learn how to create a scoring tool for measuring the effectiveness of each controls the effectiveness of each control
Employ specific metrics to establish a baseline and measure the effectiveness of security controls
Understand how critical controls map to standards such as NIST 800-53, ISO 27002, the Australian Top 35, and more
Audit each of the critical security controls, with specific, proven templates, checklists, and scripts provided to facilitate the audit process
Who Should Attend?
Information assurance auditors
System implementers or administrators
Network security engineers
Department of Defense (DoD) personnel or contractors
Federal agencies or clients
Private sector organizations looking to improve information assurance processes and secure their systems
Security vendors and consulting groups looking to stay current with frameworks for information assurance
What Will the Learning Experience Include?
Comprehensive pre-program activities include:
Web-based information forms & surveys completed by attendee.
Direct consultation with the attendee about the expectations.
During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
Participants learn from expert trainers who have both academic and business experiences.
Highly applicable training content & instructive activities for adding depth to training topics.
**A half-day site visit for integrating the experience & plan next steps. Opportunities to provide connections, ideas & support.
Explore & Practice
Apply & sustain the learning experience by using this ongoing support:
To ensure participant has new skills or behavior progress.
Optional, fee-based mentoring & coaching with the trainer.
Training materials & additional documents (e-books, pdf files, presentations and articles)
Evaluate your training experience by giving us feedbacks and help us to reach our organizational goals.
Section 1. Introduction and Overview of the 20 Critical Controls
Overview of the Control
How it is Compromised
Quick Win Controls
Visibility and Attribution Controls
Configuration and Hygiene Controls
Section 2. Critical Controls 3, 4, 5 and 6
Critical Control 3: Secure Configurations for Hardware and Software
Critical Control 4: Continuous Vulnerability Assessment and Remediation
Critical Control 5: Controlled Use of Administrative Privileges
Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Section 3. Critical Controls 7, 8, 9, 10 and 11
Critical Control 7: Email and Web Browser Protections
Critical Control 8: Malware Defenses
Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services
Critical Control 10: Data Recovery Capability
Critical Control 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Section 4. Critical Controls 12, 13, 14 and 15
Critical Control 12: Boundary Defense
Critical Control 13: Data Protection
Critical Control 14: Controlled Access Based On Need to Know
Critical Control 15: Wireless Device Control
Section 5. Critical Controls 16, 17, 18, 19 and 20
Critical Control 16: Account Monitoring and Control
Critical Control 17: Security Skills Assessment and Appropriate Training to Fill Gaps
Critical Control 18: Application Software Security
Critical Control 19: Incident Response and Management
Critical Control 20: Penetration Tests and Red Team Exercises