Beta

SEC366: CIS Implementation Group 1

  • Online
6 CPEs

Small to medium size businesses and non-profits simply do not have the budgets to create and maintain cybersecurity teams to defend against the ever-growing threat landscape. Yet they are not immune. Most of these organizations have a somewhat technical employee who has been tasked with managing security, often with no background in security and no training. SEC366 is the starting point for implementing cybersecurity no matter how small your organization or team is.

What You Will Learn

The prioritization of CIS IG1 is particularly useful to small and mid-size organizations that lack full-blown cybersecurity teams yet need basic protections in place. IG1 is the on-ramp to the CIS Controls and consists of a foundational set of 56 cyber defense Safeguards. The Safeguards included in IG1 are what every enterprise should apply to defend against the most common attacks.

IG1 is designed to protect low level sensitive data that principally surrounds employee and financial information. Safeguards selected for IG1 should be implementable with limited cybersecurity expertise and aimed to thwart general, non-targeted attacks. These Safeguards will also typically be designed to work in conjunction with small or home office commercial off-the-shelf (COTS) hardware and software.

This targeted, hands-on training on CIS Controls Implementation Group 1 (IG1) teaches security practitioners not only how to defend against threats but also the reasoning behind these measures and how to future-proof defenses against emerging threats. SEC366 demonstrates how to implement the CIS Controls through cost-effective automation, making it an essential course for measuring and improving the effectiveness of cybersecurity controls in all organizations.

What is CIS Implementation Group 1?

CIS Implementation Group 1 is the most basic set of essential cyber hygiene controls that represent a minimum standard of information security necessary for every organization.

Business Takeaways

  • Efficiently reduce the most important cyber-related risks
  • Align compliance requirements with security and business goals and solutions
  • Report the status of cybersecurity defense efforts to senior leadership in clear, business terms

Skills Learned

  • Apply initial security controls based on actual threats that are measurable, scalable, and reliable in stopping known attacks and protecting your organization's important information and systems
  • Understand the importance of each CIS IG1 control and how it is compromised if ignored
  • Explain the defensive goals that result in quick wins and increased visibility of network and systems
  • Identify and use tools that implement controls through automation

Hands-On CIS Implementation Group 1 Training

During this course, students will participate in hands-on lab exercises that illustrate the concepts discussed in class. The goal of these labs is to complement and enhance the understanding of the defenses discussed in the course and to provide practical examples of how CIS IG1 can be applied in a practical, real-world scenario.

What You Will Receive

  • Electronic courseware
  • MP3 audio files of course lecture
  • Course VM to practice concepts

Syllabus (6 CPEs)

  • Overview

    CIS Implementation Group 1 addresses the core functional areas of Govern, Identify, Protect, Detect, Respond and Recover. SEC366 supports the knowledge and skills to effectively understand, implement, and report on the CIS Controls Implementation Group 1, the highest priority controls for organizations of all sizes to implement.

    Exercises
    • CIS Navigator and review policy library
    • CIS Self Assessment tool (CSAT)
    • Inventory of devices, software, accounts with PowerShell
    • Secure Configuration with CIS-CAT
    • Scanning for Sensitive Data
    • Building TableTop Exercises
    • CIS Risk Assessment Method (CIS-RAM)
    Topics
    • CIS Resources
      • The course will review the tools and resources provided within the CIS Controls ecosystem. CIS provides Implementation guidance, pre-written policy templates, threat reports, assessment and due diligence tools. The course will cover key tools and documents to enhance and manage an Information Security Program based on the CIS Implementation Group 1 Controls.
    • Govern
      • Any program will require governance. Within Information Security, governance is often combined with risk and compliance as GRC. Each of these three terms is a view and a method to ensure a robust Information Security Program. The CIS Controls also require comprehensive GRC functions. SEC366 will address initial governance requirements, documentation and communication, as well as practice with tools like CIS-RAM and CSAT.
    • Identify
      • When starting and throughout a program, understanding the environment is a key requirement that is often overlooked. Implementation Group 1 focuses on enumerating the environment, providing an understanding of what needs to be protected. SEC366 will discuss and practice identifying and documenting the organization's environment.
    • Protect / Detect
      • The largest section for Implementation Group 1 focuses on tasks to block the adversary or alert when the adversary is present. This is where the CIS Controls have their greatest impact: implementing solutions that block the adversary to protect the business. CIS Controls identified the most damaging attacks, providing a prioritized list of the most important safeguards to block or detect the adversary. SEC366 provides hands-on exercises to demonstrate or test these controls.
    • Measurement and Reporting
      • Any Information Security Program must ensure the program addresses the organization's actual concerns or risks. SEC366 discusses methods to measure program progress and status through CIS tools so business leaders can make informed Information Security decisions.

Prerequisites

SEC366 covers core areas of security and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, SEC275: Foundations - Computers, Technology and Security or SEC301: Introduction to Cyber Security would be the recommended starting point. While these courses are not a prerequisite for SEC366, they do provide the introductory knowledge to help maximize the experience with SEC366.

Laptop Requirements

Important! Bring your own system capable of running a Windows 11 VM. Details below.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements. Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

Mandatory SEC566 System Hardware Requirements

  • CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.
  • CRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.
  • BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
  • 8GB of RAM or more is required.
  • 64GB of free storage space or more is required.
  • At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

Mandatory SEC566 Host Configuration And Software Requirements

  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.
  • Microsoft Office (any version) or OpenOffice installed on your host. Note that you can download Office Trial Software online (free for 30 days).
  • Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMware Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.
  • On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
  • Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

Your course media is delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files.

If you have additional questions about the laptop specifications, please contact customer service.

Author Statement

"The modern threat landscape is increasingly complex, and deciding which steps to take next in defending against these threats can be overwhelming, especially with the vast range of technologies and tools available. Adding to the challenge, organizations must also comply with various regulatory frameworks. This raises critical questions: Are we taking the right actions to protect our organization? What should be prioritized next?

In SEC366: CIS Critical Security Controls IG1, we focus on answering these questions by guiding you through the implementation of Implementation Group 1 (IG1) controls. IG1 is designed specifically for organizations with limited cybersecurity resources, offering a targeted set of foundational safeguards that address the most common and impactful attacks occurring today, as well as anticipated future threats. This course will help you establish a strong security foundation by implementing these essential controls, which are both practical and effective.

Students will not only learn how to align and map the CIS Controls to their organization's compliance and framework requirements but also how to measure control implementation and effectiveness. With the knowledge gained, you'll be able to communicate progress and risk reduction to leadership, ensuring your cybersecurity efforts are both strategic and measurable. This hands-on course equips you with the tools needed to confidently start your security program and continually assess and improve it over time."

-Brian Ventura
