Course Description
This training will teach you how to master the specific techniques and tools needed to implement and audit the Critical Controls. It will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats. The course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.
What Do Participants Learn?
- Apply a security framework based on actual threats that is measurable, scalable, and reliable in stopping known attacks and protecting organizations' important information and systems
- Understand the importance of each control, how it is compromised if ignored, and explain the defensive goals that result in quick wins and increased visibility of network and systems
- Identify and utilize tools that implement controls through automation
- Learn how to create a scoring tool for measuring the effectiveness of each control
- Employ specific metrics to establish a baseline and measure the effectiveness of security controls
- Understand how critical controls map to standards such as NIST 800-53, ISO 27002, the Australian Top 35, and more
- Audit each of the critical security controls, with specific, proven templates, checklists, and scripts provided to facilitate the audit process
Who Should Attend?
- Information assurance auditors
- System implementers or administrators
- Network security engineers
- IT administrators
- Department of Defense (DoD) personnel or contractors
- Federal agencies or clients
- Private sector organizations looking to improve information assurance processes and secure their systems
- Security vendors and consulting groups looking to stay current with frameworks for information assurance
What Will the Learning Experience Include?
Phase: 1
Introduce
- Comprehensive pre-program activities include:
- Web-based information forms & surveys completed by attendee.
- Direct consultation with the attendee about the expectations.
- During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
- Participants learn from expert trainers who have both academic and business experience.
- Highly applicable training content & instructive activities for adding depth to training topics.
- A half-day site visit for integrating the experience & planning next steps. Opportunities to provide connections, ideas & support.
Phase: 2
Explore & Practice
Phase: 3
Apply
- Apply & sustain the learning experience by using this ongoing support:
- To ensure the participant's new skills or behavior progress.
- Optional, fee-based mentoring & coaching with the trainer.
- Training materials & additional documents (e-books, pdf files, presentations and articles)
- Evaluate your training experience by giving us feedback and help us to reach our organizational goals.
- Participant's Evaluation
- Trainer's Evaluation
Phase: 4
Evaluate
Section 1. Introduction and Overview of the 20 Critical Controls
- Overview of the Control
- How it is Compromised
- Defensive Goals
- Quick Win Controls
- Visibility and Attribution Controls
- Configuration and Hygiene Controls
- Advanced Controls
Section 2. Critical Controls 3, 4, 5 and 6
- Critical Control 3: Secure Configurations for Hardware and Software
- Critical Control 4: Continuous Vulnerability Assessment and Remediation
- Critical Control 5: Controlled Use of Administrative Privileges
- Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Section 3. Critical Controls 7, 8, 9, 10 and 11
- Critical Control 7: Email and Web Browser Protections
- Critical Control 8: Malware Defenses
- Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 10: Data Recovery Capability
- Critical Control 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Section 4. Critical Controls 12, 13, 14 and 15
- Critical Control 12: Boundary Defense
- Critical Control 13: Data Protection
- Critical Control 14: Controlled Access Based On Need to Know
- Critical Control 15: Wireless Device Control
Section 5. Critical Controls 16, 17, 18, 19 and 20
- Critical Control 16: Account Monitoring and Control
- Critical Control 17: Security Skills Assessment and Appropriate Training to Fill Gaps
- Critical Control 18: Application Software Security
- Critical Control 19: Incident Response and Management
- Critical Control 20: Penetration Tests and Red Team Exercises