SEC566: SANS SOC Training 2022

What You Will Learn

Building and Auditing Critical Security Controls

Cybersecurity attacks are increasing and evolving so rapidly that it is more difficult than ever to prevent and defend against them. Does your organization have an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches?

In addition to defending their information systems, many organizations have to comply with a number of cybersecurity standards and requirements as a prerequisite for doing business. Dozens of cybersecurity standards exist throughout the world and most organizations must comply with more than one such standard. Is your organization prepared to comply and remain in compliance?

In February of 2016, then-California Attorney General, Vice President Kamala Harris, stated that "the 20 controls in the Center for Internet Security's Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization's environment constitutes a lack of reasonable security."

The Center for Internet Security (CIS) Critical Controls are specific security controls that CISOs, CIOs, IGs, systems administrators, and information security personnel can use to manage and measure the effectiveness of their defenses. They are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

As threats and attack surfaces change and evolve, an organization's security should as well. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the CIS Critical Controls, a prioritized, risk-based approach to security. Designed by private and public sector experts from around the world, the CIS Critical Controls are the best way to block known attacks and mitigate damage from successful attacks. They have been adopted by international governments, the U.S. Department of Homeland Security, state governments, universities, and numerous private firms.

SEC566 will enable you to master the specific and proven techniques and tools needed to implement and audit Version 8 of the CIS Controls as documented by the Center for Internet Security (CIS), as well as those defined by NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC). Students will learn how to merge these various standards into a cohesive strategy to defend their organization and comply with industry standards.

SANS' in-depth, hands-on training will teach security practitioners to understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats. SEC566 shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, this course is the best way to understand how you will measure whether the Controls and other standards are effectively implemented.

  • Apply a security framework based on actual threats that is measurable, scalable, and reliable in stopping known attacks and protecting organizations' important information and systems
  • Understand the importance of each control and how it is compromised if ignored, and explain the defensive goals that result in quick wins and increased visibility of network and systems
  • Identify and use tools that implement controls through automation
  • Create a scoring tool to measure the effectiveness of each control
  • Employ specific metrics to establish a baseline and measure the effectiveness of security controls
  • Understand how critical controls map to standards such as the NIST Cybersecurity Framework, NIST SP 800-171, the CMMC, and more
  • Audit each of the CIS Critical Controls, with specific, proven templates, checklists, and scripts provided to facilitate the audit process

The CIS Controls v8 are listed below. The full document describing them in detail is available on the Center for Internet Security website.

  • CIS Control #1: Inventory and Control of Enterprise Assets
  • CIS Control #2: Inventory and Control of Software Assets
  • CIS Control #3: Data Protection
  • CIS Control #4: Secure Configuration of Enterprise Assets and Software
  • CIS Control #5: Account Management
  • CIS Control #6: Access Control Management
  • CIS Control #7: Continuous Vulnerability Management
  • CIS Control #8: Audit Log Management
  • CIS Control #9: Email and Web Browser Protections
  • CIS Control #10: Malware Defenses
  • CIS Control #11: Data Recovery
  • CIS Control #12: Network Infrastructure Management
  • CIS Control #13: Network Monitoring and Defense
  • CIS Control #14: Security Awareness and Skills Training
  • CIS Control #15: Service Provider Management
  • CIS Control #16: Application Software Security
  • CIS Control #17: Incident Response Management
  • CIS Control #18: Penetration Testing

The CIS released version 8 of the Controls in May 2021. This course content is updated to reflect the changes in the CIS Controls, as well as the most recent versions of the NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC).


During this course, students will participate in hands-on lab exercises that illustrate the concepts discussed in class. The goal of these labs is to complement and enhance the understanding of the defenses discussed in the course and to provide practical examples of how the Controls can be applied in real-world scenarios.

  • MP3 audio files of the complete course lecture
  • Printed and electronic courseware
  • Operational Cybersecurity Executive Triad blog
  • Rekt Casino Hack Assessment Operational Series: What?! There Are Critical Security Controls We Should Follow? Part 2 of 4
  • Rekt Casino Hack Assessment Operational Series: Putting It All Together Part 4 of 4
  • CIS Controls v8
  • CIS Controls v8 blog
  • What's New with the CIS Controls v8 webcast
  • MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
  • MGT551: Building and Leading Security Operations Centers
