SEC440: Critical Security Controls: Planning, Implementing and Auditing
This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Council on CyberSecurity. These Critical Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network though effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the controls are effectively implemented.
The Critical Security Controls are listed below. You will find the full document describing the Critical Security Controls posted at the Council on CyberSecurity.
One of the best features of the course is that it uses offense to inform defense. In other words, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses very real, and it makes you a better security professional.
As a student of the Critical Security Controls two-day course, you'll learn important skills that you can take back to your workplace and use your first day back on the job in implementing and auditing each of the following controls:
Critical Control 1: Inventory of Authorized and Unauthorized Devices
Critical Control 2: Inventory of Authorized and Unauthorized Software
Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Critical Control 4: Continuous Vulnerability Assessment and Remediation
Critical Control 5: Malware Defenses
Critical Control 6: Application Software Security
Critical Control 7: Wireless Device Control
Critical Control 8: Data Recovery Capability
Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
Critical Control 12: Controlled Use of Administrative Privileges
Critical Control 13: Boundary Defense
Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs
Critical Control 15: Controlled Access Based on the Need to Know
Critical Control 16: Account Monitoring and Control
Critical Control 17: Data Loss Prevention
Critical Control 18: Incident Response and Management
Critical Control 19: Secure Network Engineering
Critical Control 20: Penetration Tests and Red Team Exercises
People who have taken training from Dr. Cole have this to say:
"Great teacher; very knowledgeable, passionate, entertaining, and informative." -Mike Mayers, RIM
"Expertise of the instructor lets me concentrate on learning, rather than interpreting!" -Leo Lavender, McDonald Observatory, University of Texas
"This is my first formal security class. Eric's energy and presentation definitely makes me want to sign right up for the next class." -Minyon L. Ridley, ENSR/AECOM
"Dr. Cole is an incredible teacher. He is one of the only teachers that I have experienced in my many years of classes that can keep your attention 100% of the time." -Blake Sharin, Florida Dept of Health
People who have taken training from James Tarala have said this:
"James is quite a talented and captivating speaker. He seems to never miss a beat and has an immense knowledge base." -Charles Bolte, U.S. Army
"James Tarala is a great instructor! Enjoyable to listen to, easy to follow and helpful in the labs. I would not hesitate to register for another class that Mr. Tarala is teaching." -Sarah Rosman, Sterling Savings Bank
"James conveys the technical subject matter in an easily understandable manner that is easy to visualize and comprehend." -Idris Fofana, TREX
A computer is not required for this course. However during class the instructor will be distributing sample tools to students on a portable USB drive. If students wish to access these tools during class they will need to bring a computer with them that is capable of accessing files on a USB drive. Accessing these files is optional and not necessary to participate in class activities.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
|Why Take This Course?|
Why Choose Our Course?
"What are the most important things we have to do to protect our systems?" That is the question the defense industrial base CIOs asked the DoD when they learned their systems were leaking and losing some of America's most important military secrets to nation-state hackers. It is also the question that CIOs throughout government are asking when they learn from Government Accountability Office Congressional testimony that FISMA audits are not measuring security effectively. It is exactly the same question that is being asked in power companies and banks and oil and gas organizations and health care organizations. If you are the person who can not only answer the question, but also implement and/or audit the controls, you will be the game changer. It might not happen immediately, but it will happen.
Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.
*CPE/CMU credits not offered for the SelfStudy delivery method