
        CSIS Top 20 Critical Security Controls Training Boot Camp

        This boot camp helps you master the 20 Important Security Controls as published by the Center for Strategic and International Studies (CSIS).


        Learn the CSIS critical security controls

        • Five days of expert, live CSIS Top 20 training
        • 100% Satisfaction Guarantee
        • Free annual Infosec Skills subscription ($299 value!)
        • 1-year access to all boot camp video replays and materials
        • Knowledge Transfer Guarantee

        About the CSIS Top 20

        The control areas and individual subcontrols described focus on various technical aspects of information security, with a primary goal of supporting organizations in prioritizing their efforts in defending against today’s most common and damaging computer and network attacks. Outside of the technical realm, a comprehensive security program should also take into account numerous additional areas of security, including overall policy, organizational structure, personnel issues (e.g., background checks) and physical security.

        To help maintain focus, the controls in this document do not deal with these important, but non-technical, aspects of information security. Organizations should build a comprehensive approach in these other aspects of security as well, but overall policy, organization, personnel and physical security are outside of the scope of this document.

         


        Training overview

        Securing the United States against cyber-attacks has become one of the nation’s highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting and responding to follow-on attacks on internal networks as attackers spread inside a compromised network.

        This group of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls that can be applied across enterprise environments. Fifteen of these controls can be monitored, at least in part, automatically and continuously. Five controls are essential but, with current technology and practices, do not appear to lend themselves to continuous or automatic monitoring.

        What you'll learn

        • Defenses should focus on addressing the most common and damaging attack activities occurring today
        • Enterprise environments must ensure consistent controls across an enterprise to effectively negate attacks
        • Defenses should be automated where possible, and periodically or continuously measured using automated measurement techniques where feasible
        • To address current attacks occurring on a frequent basis against numerous organizations, a variety of specific technical activities should be undertaken to produce a more consistent defense

        Who should attend

        • Information security professionals
        • Network administrators
        • System architects and engineers
        • IT and security managers
        • Anyone looking to learn about critical security controls


        CSIS training schedule

        Infosec’s CSIS training is more than just a boot camp. We support you before, during and after your live training.

        • Before your boot camp
          • Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.

        • During your boot camp
          • Information Security Overview

            • Mitigating Threats
            • Organizational Security
            • User- and Role-based Security
            • Authentication
            • Peripheral Security
            • Application and Messaging Security
            • Cryptography
            • Public Key Infrastructure
            • Network Security
            • Ports and Protocols
            • Wireless Security
            • Remote Access Security
            • Vulnerability Testing and Monitoring
            • Business Continuity

            NIST Overview and SP 800-53


            The Top 20 Controls

            • Inventory of authorized and unauthorized devices
            • Inventory of authorized and unauthorized software
            • Secure configurations for hardware and software on workstations and servers
            • Continuous vulnerability assessment
            • Malware defenses
            • Application software security
            • Wireless device control
            • Data recovery capability
            • Security skills assessment and appropriate training to fill gaps
            • Secure configurations for network devices such as Firewalls, Routers, and Switches
            • Limitation and control of network ports, protocols, and services
            • Controlled use of administrative privileges
            • Boundary defense
            • Maintenance, monitoring, and analysis of security audit logs
            • Controlled access based on the need to know
            • Account monitoring and control
            • Data loss prevention
            • Incident response management
            • Secure network engineering
            • Penetration tests and red team exercises

             

        • After your boot camp
          • Your boot camp includes a 1-year subscription to Infosec Skills, so you can get a head start on your next certification goal or start earning CPEs.

        Free CSIS training resources

        Latest malware trends are bad news for business

        Adam Kujawa, director of Malwarebytes Labs, discusses the latest Malwarebytes Labs Cybercrime Tactics and Techniques Report, why the report is unlikely to make organizations very happy and how the findings will affect the cybersecurity industry in the years to come.


        Malware removal and security tips with Malwarebytes

        Michael Sherwood, senior director of technician services at Malwarebytes, talks about Malwarebytes, the group's free malware removal forums and a few other malware-related topics.


        Vulnerability hunting and ecommerce safety

        Let’s talk about the practice of finding vulnerabilities! For Ted Harrington, Executive Partner of ISE, it’s much more than a job, it’s a life mission. Ted joins the Cyber Work Podcast to discuss being part of the first team to hack the iPhone, as well as thinking like a hacker to avoid being hacked yourself. He also gives advice for people who would rather sell their wares online this holiday season than spend all day thinking about security. The world has been moving in the direction of holiday shopping online for quite some time now, but with things being what they are in 2020, that trend is likely to grow exponentially upward as stores become either closed to the public or only open to a few people at a time for safety. Either way, that means a lot of online transactions, and a lot of juicy targets for cybercriminals.

        Ted Harrington, Executive Partner at ISE, is finding new ways to protect digital assets. He's helped companies like Disney, Amazon, Google, Netflix and Adobe fix tens of thousands of security vulnerabilities. His team at ISE is composed of ethical hackers known for being the first to hack the iPhone, where he applies his think-like-a-hacker mentality to constantly adapt to fresh security and software development challenges.
