Students will learn how to merge these various standards into a cohesive strategy to defend their organization and comply with industry standards. SEC566 will enable you to master the specific and proven techniques and tools needed to implement and audit Version 8 of the CIS Controls as documented by the Center for Internet Security (CIS), as well as those defined by NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC). Department of Homeland Security, state governments, universities, and numerous private firms. They have been adopted by international governments, the U.S. Designed by private and public sector experts from around the world, the CIS Critical Controls are the best way to block known attacks and mitigate damage from successful attacks. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the CIS Critical Controls, a prioritized, risk-based approach to security. They are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.Īs threats and attack surfaces change and evolve, an organization's security should as well. The Center for Internet Security (CIS) Critical Controls are specific security controls that CISOs, CIOs, IGs, systems administrators, and information security personnel can use to manage and measure the effectiveness of their defenses. The failure to implement all the Controls that apply to an organization's environment constitutes a lack of reasonable security." In February of 2016, then California Attorney General, Vice President Kamala Harris stated that "the 20 controls in the Center for Internet Security's Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. Is your organization prepared to comply and remain in compliance? Dozens of cybersecurity standards exist throughout the world and most organizations must comply with more than one such standard. In addition to defending their information systems, many organizations have to comply with a number of cybersecurity standards and requirements as a prerequisite for doing business.
Does your organization have an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches?
Building and Auditing Critical Security ControlsĬybersecurity attacks are increasing and evolving so rapidly that it is more difficult than ever to prevent and defend against them.