Summit: August 12-13, 2013
Post-Summit Course: August 14-18, 2013
Recently, General Alexander, Commander of the U.S. Cyber Command, was asked, "What is the cyber equivalent of 'rules of the road' for driving, those standards that we need now to protect our systems, to ensure those systems are secure?" His answer: the critical security controls. General Alexander describes the critical controls as "the right starting point."
Many government agencies, companies (large and small), and non-profit institutions have reached similar conclusions and are actively implementing the Critical Security Controls as an essential element of their cyberdefense. Each organization faces challenges when implementing the critical controls, and there is enormous value in sharing the knowledge that the pioneers had to learn the hard way.
This Summit provides attendees an extraordinary chance to learn and ask questions about those lessons of the pioneers. It also offers a unique opportunity to become part of this international movement, and gives attendees a chance to attend one of the highest rated courses in cybersecurity: Implementing and Auditing the Twenty Critical Security Controls.
At the Summit, attendees will learn about the "big picture" of the Critical Security Controls - the motivation, the history, the participants - along with detailed information about implementation - who has done it, how they saw the value proposition, how they gained executive support, the planning for implementation, the tools they used, etc. Directly from the experience of the pioneering organizations, you will learn how to rapidly put in place defensive measures with the greatest value in stopping attacks on your systems.
You will learn how:
- shared knowledge of specific threats and actual attacks are used to identify and prioritize the most effective defensive steps
- your organization can adopt the Critical Security Controls, from assessing your starting point to developing an implementation roadmap to ongoing security management
- dozens of experts from across government and industry have come together to create the Critical Security Controls and champion their adoption
- automation is a cornerstone of the Controls, and how it is used to increase the leverage and minimize the costs of your defenses; and
- to make the Controls part of your overall program of security measurement and management
You will also learn about the Consortium for Cybersecurity Action, a virtual community of more than 100 agencies, companies, and individuals that now leads the development and evolution of the Critical Security Controls, and is also developing the support ecosystem, both generally and within specific industries, of use cases, working aids, mappings, and tools to help others adopt and implement the Critical Security Controls.
You may attend the Summit, the course (Implementing and Auditing the Twenty Critical Security Controls) or both.
Here are what recent attendees had to say about Implementing and Auditing the Twenty Critical Security Controls.
"So far, this is the best instructor I've had in any technical class."
"Topics addressed real-world and current threats - gives great suggestions to assist an organization to better protect their IP space."
"SEC566 provided great ideas and processes to use at work."
"This course really brings a whole new perspective to the 20 critical controls. (The Instructor's) knowledge and experience with the controls really shows as he presents on this subject."
"Addresses real time emerging situations and industry threats as well as evolving best practices and standards."
"This class is beneficial for auditors in security on how to use technical controls on evaluating not only compliance, but results."
"So far the most useful course I've ever taken."
"I really appreciate how well written the labs were. I can follow then with no assistance and successfully complete."
"SANS Sec566 provides crucial and fundamental methodology to secure networks and system. Best class I've taken from SANS."
I look forward to seeing you there!
Director, SANS and the Consortium for Cybersecurity Action