Embark on a transformative journey with our SEC566: Implementing and Auditing CIS Controls course, designed to fortify your organization’s cybersecurity defenses. Over five intensive days, immerse yourself in mastering the CIS Critical Controls, a gold standard for securing IT systems and data. This program will equip you with the knowledge and practical skills to not only understand but effectively implement and audit these critical controls within your infrastructure. From gaining a deeper understanding of controls' structure and intent to leveraging tools and resources for bolstering security, this program covers it all. Engage in hands-on exercises that simulate real-world cybersecurity threats and responses, ensuring you’re battle-ready to protect your enterprise assets. Learn to assess control effectiveness, manage vulnerabilities, and navigate the complex landscape of IT security with confidence. Whether you're safeguarding software assets, enhancing data protection, or managing access controls, SEC566 provides the strategies and insights needed for a comprehensive cybersecurity framework. Perfect for IT professionals tasked with security management, auditing, and compliance, this program is your steppingstone to becoming a cybersecurity leader in your organization. Join us to elevate your skills, meet compliance standards, and lead with security excellence.
At the end of the training program, the participant should be able to:
1 Understanding the CIS Critical Controls
2 Understanding the resources and tools related to the CIS Controls
3 Understand control effectiveness against common threats leveraging Mitre ATT
4 Understanding and practicing control assessments
5 CIS Control 1: Inventory and Control of Enterprise Assets
6 Exercises:
Preparing Student Laptops for Class
How to Use the AuditScripts CIS Critical Control Initial Assessment Tool
Asset Inventory with Microsoft PowerShell
1 CIS Control 2: Inventory and Control of Software Assets
2 CIS Control 3: Data Protection
3 CIS Control 5: Account Management
4 CIS Control 6: Access Control Management
5 Exercises:
How to use Microsoft AppLocker to enforce Application Control
How to Use Veracrypt to Encrypt Data at Rest
How to Use Mimikatz to Abuse Privileged Access
Understanding Windows Management Instrumentation (WMI) for Baselining
1 CIS Control 7: Continuous Vulnerability Management
2 CIS Control 4: Secure Configuration of Enterprise Assets and Software
3 CIS Control 8: Audit Log Management
4 CIS Control 9: Email and Web Browser Protections
5 Exercises:
sing PowerShell to Test for Software Updates
How to Use the CIS-CAT Tool to Audit Configurations
How to Parse Nmap Output with PowerShell
How to use GoPhish to perform phishing simulations
1 CIS Control 10: Malware Defenses
2 CIS Control 11: Data Recovery
3 CIS Control 12: Network Infrastructure Management
4 IS Control 13: Network Monitoring and Defense
5 Exercises:
How to use CIS Navigator to map controls between Frameworks, Compliance and CIS Controls
How to Use Nipper to Audit Network Device Configurations
How to Use Wireshark to Detect Malicious Activity
How to Use Wireshark and Ngrep to emulate Data Loss Prevention
1 CIS Control 14: Security Awareness and Skills Training
2 CIS Control 15: Service Provider Management
3 CIS Control 16: Application Software Security
4 CIS Control 17: Incident Response Management
5 CIS Control 18: Penetration Testing
6 Exercises:
How to build robust Incident Response Tabletop Exercises
How to use CIS Risk Assessment Model (CIS-RAM) to identify, prioritize and report on residual risk
Not Available
Names of the training programs that are integrated (enriched) with the training program:
Names of the training programs that after the training program:
Add Comment