SEC566: OnDemand

What You Will Learn
What are CIS Controls?

The CIS Controls (formerly known as Critical Security Controls) are a recommended set of prioritized cyber defense best practices. They provide specific and actionable ways to protect against today's most pervasive and dangerous attacks. SANS provides CIS Controls v8 training, research, and certification. Version 8, released in May 2021, is a change to the entire Controls ecosystem. It provides backwards compatibility with previous versions and a migration path for users of prior versions to move to v8. Whether you use the CIS Controls or another control framework to guide your security improvement program, it is critical to understand that a controls list is simply a starting point. With the release of version 8, CIS added new tools and guides to the CIS Controls ecosystem to help organizations:
  • Implement, track, measure, and assess controls.
  • Prioritize controls based on evolving threats.
  • Justify investment in CIS Controls implementation.
  • Implement CIS Controls best practices for mobile devices and applications.
  • Apply CIS Controls best practices to cloud environments.
  • Comply with multiple frameworks through a map of regulatory frameworks.

"All week long I have been noting the topics and items I want to bring back to my team to improve various operations. This content is perfectly aligned with the work I am doing. So yes, this was an excellent course." - Thad Zeitler, Athena Health

Organizations need to defend their information systems, and there are many solutions, requirements, and tools to navigate. Which solutions should be implemented first? What will reduce the most risk and defend against the most common attacks? SANS and CIS have mapped the most common and likely threats and attacks to a prioritized list of mitigations called the CIS Controls. These controls are regularly reviewed to ensure they continue to mitigate the ever-evolving threat and surface-area landscape. By following the CIS Controls, organizations will reduce cyber risk and be able to measure and report on residual risk.

SEC566 will enable you to master the specific and proven techniques and tools needed to implement and audit the controls defined in the Center for Internet Security's (CIS) Controls. Students will gain direct knowledge of the CIS Controls and the ecosystem of tools used to implement them across organizations' complex networks, including cloud assets and third-party risk. Additional tools will be provided to measure CIS Control coverage and to assess risk throughout the program. This in-depth, hands-on critical security controls training will teach security practitioners to understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats. SEC566 shows security professionals how to implement the CIS Controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, this course is the best way to understand how you will measure cybersecurity control effectiveness. In addition, the CIS Controls are mapped to other frameworks, so that implementing them supports compliance as well as security.

"The course content is very thorough and helps paint the picture of the CIS Controls that my organization follows." - Matt S., US Military
Business Takeaways
  • Efficiently reduce the most important cyber-related risks
  • Align compliance requirements with security and business goals and solutions
  • Report the status of cybersecurity defense efforts to senior leadership in clear, business terms
  • Enjoy peace of mind that your organization has a comprehensive strategy for defense and compliance
Skills Learned
  • Apply security controls based on actual threats that are measurable, scalable, and reliable in stopping known attacks and protecting your organization's important information and systems
  • Understand the importance of each control and how it is compromised if ignored
  • Explain the defensive goals that result in quick wins and increased visibility of network and systems
  • Identify and use tools that implement controls through automation
  • Create a scoring tool to measure the effectiveness of each control
  • Employ specific metrics to establish a baseline and measure the effectiveness of security controls
  • Competently map CIS Controls to compliance and standards such as PCI-DSS, the NIST Cybersecurity Framework (CSF), ISO 27000, and more
  • Audit each of the CIS Controls with specific, proven templates, checklists, and scripts provided to facilitate the audit process
"A comprehensive walk-through of the Critical Security Controls, not just focusing on the 'what', but more importantly the 'why'. It's been an invaluable learning experience for me." - Justin Cornell, LOM (UK) Limited
Hands-On CIS Controls Training

During this course, students will participate in hands-on lab exercises that illustrate the concepts discussed in class. The goal of these labs is to complement and enhance the understanding of the defenses discussed in the course and to provide practical examples of how the Controls can be applied in a real-world scenario. Throughout the course there is a Cyber42 simulation to practice responding to real-world events affecting the organization's cybersecurity program and defenses.

Section 1: Preparing Student Laptops for Class, How to Use the AuditScripts CIS Control Initial Assessment Tool, Asset Inventory with Microsoft PowerShell

Section 2: How to Use VeraCrypt to Encrypt Data at Rest, How to Use Mimikatz to Abuse Privileged Access, Understanding Windows Management Instrumentation (WMI) for Baselining

Section 3: How to Use Microsoft AppLocker to Enforce Application Control, Using PowerShell to Test for Software Updates, How to Use the CIS-CAT Tool to Audit Configurations, CIS Navigator, How to Parse Nmap Output with PowerShell

Section 4: How to Use GoPhish to Perform Phishing Assessments, How to Use Nipper to Audit Network Device Configurations, How to Use Wireshark to Detect Malicious Activity, Testing Data Loss Prevention

Section 5: Tabletop Exercise Building, CIS-RAM Risk Register and Prioritization
Syllabus Summary

Section 1: Students will learn an overview of CIS Controls and resources for addressing cybersecurity risk.

Section 2: Students will learn the core principles of data protection and Identity and Access Management (IAM), prioritizing the CIS Controls.

Section 3: Students will learn the core principles of vulnerability and configuration management, prioritizing the CIS Controls.

Section 4: Students will learn the core principles of endpoint security and network-based defenses, prioritizing the CIS Controls.

Section 5: Students will learn the core principles of key cybersecurity governance and operational practices, prioritizing the CIS Controls.
Additional Free Resources
  • Managing Information Security Risk with CIS Controls, webcast
  • CIS Controls, v8
  • CIS tools
    • CIS Controls Assessment Tool (CIS-CSAT)
    • CIS Navigator
    • CIS Risk Assessment Model (CIS-RAM)
    • CIS Implementation Guides
    • CIS Community Defense Model (CIS-CDM)
  • CIS Controls v8 poster
  • CISO Scorecard poster
  • Operational Cybersecurity Executive Triad
  • Rekt Casino Hack Assessment Operational Series: What?! There Are Critical Security Controls We Should Follow? Part 2 of 4, webcast
  • Rekt Casino Hack Assessment Operational Series: Putting It All Together Part 4 of 4, webcast
  • What's New with the CIS Controls v8?, webcast
What You Will Receive
  • Printed and electronic courseware
  • MP3 audio files of the complete course lecture
  • Access to the Cyber42 web app
What Comes Next
  • LDR516: Building and Leading Vulnerability Management Programs
  • LDR551: Building and Leading Security Operations Centers


Start date: No fixed date
Location / delivery: Virtual
