Prioritizing defenses to stop attacks with the appropriate cyber controls.
In addition to defending their information systems, many organizations have to comply with a number of cybersecurity standards and requirements as a prerequisite for doing business. Dozens of cybersecurity standards exist throughout the world and most organizations must comply with more than one such standard. As threats and attack surfaces change and evolve, an organization's security should as well. To enable your organization to stay on top of this ever-changing threat scenario, SANS has mapped the most commonly utilized cybersecurity frameworks into one comprehensive, comparative approach that enables organizations to streamline efforts and assets to properly defend their networks while meeting required standards.
SEC566 will enable you to master the specific and proven techniques and tools needed to implement and audit the controls defined in the Center for Internet Security's (CIS) Controls (v7.1 / 8.0), the NIST Cybersecurity Framework (CSF), the Cybersecurity Maturity Model Certification (CMMC), ISO/IEC 27000, and many other common industry standards and frameworks. Students will learn how to merge these various standards into a cohesive strategy to defend their organization and comply with industry standards. SANS' in-depth, hands-on training will teach security practitioners to understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats. SEC566 shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, this course is the best way to understand how they will measure whether their cybersecurity controls are effectively implemented.
- Maximize compliance analysts' time in mapping frameworks by learning a comprehensive controls matrix
- Reduce duplicate efforts of administrators implementing cybersecurity controls from different standards and frameworks
- Enjoy peace of mind that your organization has a comprehensive strategy for defense and compliance
- Report the status of cybersecurity defense efforts to senior leadership in clear terms
- Apply a security framework based on actual threats that is measurable, scalable, and reliable in stopping known attacks and protecting organizations' important information and systems
- Understand the importance of each control and how it is compromised if ignored, and explain the defensive goals that result in quick wins and increased visibility of network and systems
- Identify and use tools that implement controls through automation
- Create a scoring tool to measure the effectiveness of each control
- Employ specific metrics to establish a baseline and measure the effectiveness of security controls
- Competently map critical controls to standards such as the NIST Cybersecurity Framework, NIST SP 800-171, the CMMC, and more
- Audit each of the CIS Critical Controls, with specific, proven templates, checklists, and scripts provided to facilitate the audit process
During this course, students will participate in hands-on lab exercises that illustrate the concepts discussed in class. The goal of these labs is to complement and enhance the understanding of the defenses discussed in the course and to provide practical examples of how the Controls can be applied in a practical, real-world scenario.
Section 1: Preparing Student Laptops for Class, How to Use the AuditScripts CIS Critical Control Initial Assessment Tool, Asset Inventory with Microsoft PowerShell
Section 2: How to Use VeraCrypt to Encrypt Data at Rest, How to Use Mimikatz to Abuse Privileged Access, Understanding Windows Management Instrumentation (WMI) for Baselining
Section 3: How to Use Microsoft AppLocker to Enforce Application Control, Using PowerShell to Test for Software Updates, How to Use the CIS-CAT Tool to Audit Configurations, How to Parse Nmap Output with PowerShell
Section 4: How to Use GoPhish to Perform Phishing Assessments, How to Use Nipper to Audit Network Device Configurations, How to Use Wireshark to Detect Malicious Activity
"The exercises and labs provide great knowledge in understanding the course even further." - Nasser AlMazrouei, ADIA
"Real world tool usage and demonstration in the labs really helps understand threat potential." - Andrew Cummings, Emory University
"All labs were easy to follow and performed as expected." - Shawn Bilak, Southern Company
"Sad to have finished the last lab today. I've really enjoyed them. But, I've also learned about some resources I can use to further my learning and practices. The labs are not something I ever thought I would enjoy if I'm honest, but it's SO cool! and I cannot wait to learn more!" - Amy Garner, BUPA
Section 1: Students will learn an overview of the most common cybersecurity standards used by organizations and an introduction to how they address cybersecurity risk.
Section 2: Students will learn the core principles of data protection and Identity and Access Management (IAM), prioritizing the controls defined by industry standard cybersecurity frameworks.
Section 3: Students will learn the core principles of vulnerability and configuration management, prioritizing the controls defined by industry standard cybersecurity frameworks.
Section 4: Students will learn the core principles of endpoint security and network based defenses, prioritizing the controls defined by industry standard cybersecurity frameworks.
Section 5: Students will learn the core principles of key cybersecurity governance and operational practices, prioritizing the controls defined by industry standard cybersecurity frameworks.
WHAT YOU WILL RECEIVE:
- Printed and electronic courseware
- MP3 audio files of the complete course lecture
CRITICAL NOTE: Apple systems using the M1 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.
Important! Bring your own system configured according to these instructions!
We ask that you do four things to prepare prior to class start. This early preparation will allow you to get the most out of your training. You must bring a properly configured system to fully participate in this course. If you do not carefully read and follow the instructions below, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified below for the course. This section details the required system hardware and software configuration for your class. You can also watch a series of short videos on these topics at https://sansurl.com/sans-setup-videos.
SANS courses consist of instruction and hands-on sessions. The hands-on sessions are designed to allow students to practice the knowledge gained throughout the course in an instructor-led environment. Students will have the opportunity to install, configure, and use the tools and techniques that they have learned.
Requirement #1: Bring a Properly Configured Laptop to Class
Students attending this course are required to bring a laptop computer in order to complete the exercises in class. Please make sure you bring a computer that meets Requirements 2-4 below and that it is properly configured. There will not be enough time in class to help you set up your computer, so it must be properly installed and configured before you come to class so you can get the most from the class. Please do not bring a regular production computer for this class! When installing software, there is always a chance of breaking something else on the system. Students should assume the worst and that all data could be lost.
Requirement #2: Laptop Hardware Requirements
In order to complete the in-class activities, please ensure the laptop that you bring to class is configured with at least the following hardware:
- 8 GB of hardware memory
- 64-bit processor
- 64 GB free disk space (at least)
- Wireless (802.11) network adapter
- USB ports (not restricted)
- BIOS / Processor support for virtualization*
*Please verify that virtualization is supported on your laptop prior to coming to class. More information on how to do so can be found at https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003944.
Prior to coming to class, please ensure that the network interfaces are tested to prove that they can be configured and that all of the proper drivers have been installed.
Requirement #3: Laptop Operating System Requirements
In order to complete the in-class activities, please ensure that the laptop that you bring to class is configured with at least the following operating system or configurations:
- Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below.
- Students must be local administrator of this host operating system
- Students must know all BIOS or other passwords used on the system
- No Group Policy Objects (GPOs) or other similar operating system restrictions should be in place; ideally this laptop should not be a member of any domain prior to class.
Students may bring Apple Mac OSX machines, but all lab activities assume that the host operating system is Microsoft Windows based. Students will need to be confident reconfiguring and administering their own system if they bring a laptop running any operating system other than Microsoft Windows noted above.
Requirement #4: Laptop Software Requirements
In order to complete the in-class activities, please ensure that the laptop that you bring to class is configured with at least the following software or configurations:
- Microsoft Office 2010 (or later) installed and licensed on the laptop
- Download and install either VMware Workstation Player 16.1.1 or Fusion 12 or higher versions before class. If you do not own a licensed copy of VMware Workstation Player or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.
- Other virtualization software, such as VirtualBox and Hyper-V, is not appropriate because of compatibility and troubleshooting problems you might encounter during class.
- VMware Workstation Pro and VMware Player on Windows 10 are not compatible with Windows 10 Credential Guard and Device Guard technologies. Please disable these capabilities for the duration of the class, if they're enabled on your system, by following instructions in this section.
Our hope is that by following these simple instructions above, you will be able to make the most of your classroom experience.
Your course media will be delivered via download. The media files for class can be large, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.
SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. In this new environment, we have found that a second monitor and/or a tablet device can be useful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.
If you have additional questions about the laptop specifications, please contact email@example.com.