Three More Days to Get an iPad Air w/ Smart Keyboard with any 5 or 6 Day SANS Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Understanding the 2018 Updates to the CIS Critical Security Controls

  • Monday, June 18, 2018 at 10:30 AM EDT (2018-06-18 14:30:00 UTC)
  • James Tarala

You can now attend the webcast using your mobile device!



Each year the Center for Internet Security releases updates to their control guidance based on the cyber threats and methods attackers are using to compromise information systems. In this presentation, James Tarala, one of the three technical editors for the CIS Critical Security Controls will present a detailed explanation of the new updates to the controls released in March 2018.


Over the years dozens of cyber-security standards have been created to catalog the ways organizations can defend themselves. Unfortunately, many of these standards lead to more confusion, rather than provide specific technical defenses that can help stop advanced attacks. The CIS Controls are refreshed each year in light of observed threats and have been written to help organizations with practical, step-by-step guidance how to stop even the most advanced attackers. Controls are prioritized by threat actions and risks associated with certain threat actions.


During this presentation the editors of the Controls will:

  • Explain the control definition updates to the CIS Critical Security Controls
  • Describe how government agencies and private sector firms are using the controls as a part of the defensive architecture
  • Visualize how the Controls are related to existing security standards and regulations
  • Provide attendees specific metrics and measures that can be used to quantify the Controls
  • Demonstrate how the new quality management program can be used to quantify an organizations cyber-security maturity level

Speaker Bio

James Tarala

James Tarala is a principal consultant with Enclave Security based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author and an instructor for SEC566: Implementing and Auditing the Critical Security Controls, SEC440: Critical Security Controls: Planning, Implementing, and Auditing, and a co-author and instructor for MGT415: A Practical Introduction to Cyber Security Risk Management. Read more about James here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.