CSIS Top 20 Critical Security Controls Training Boot Camp
This boot camp helps you master the 20 Important Security Controls as published by the Center for Strategic and International Studies (CSIS).
Learn the CSIS critical security controls
- Five days of expert, live CSIS Top 20 training
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($299 value!)
- 1-year access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
About the CSIS 20 Top 20
The control areas and individual subcontrols described focus on various technical aspects of information security, with a primary goal of supporting organizations in prioritizing their efforts in defending against today’s most common and damaging computer and network attacks. Outside of the technical realm, a comprehensive security program should also take into account numerous additional areas of security, including overall policy, organizational structure, personnel issues (e.g., background checks) and physical security.
To help maintain focus, the controls in this document do not deal with these important, but non-technical, aspects of information security. Organizations should build a comprehensive approach in these other aspects of security as well, but overall policy, organization, personnel and physical security are outside of the scope of this document.
Training overview
Securing the United States against cyber-attacks has become one of the nation’s highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting and responding to follow-on attacks on internal networks as attackers spread inside a compromised network.
This group of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls that can be applied across enterprise environments. Fifteen of these controls can be monitored, at least in part, automatically and continuously. Five controls are essential but do not appear to be able to be monitored continuously or automatically with current technology and practices.
What you'll learn
- Defenses should focus on addressing the most common and damaging attack activities occurring today
- Enterprise environments must ensure consistent controls across an enterprise to effectively negate attacks
- Defenses should be automated where possible, and periodically or continuously measured using automated measurement techniques where feasible
- To address current attacks occurring on a frequent basis against numerous organizations, a variety of specific technical activities should be undertaken to produce a more consistent defense
Who should attend
- Information security professionals
- Network administrators
- System architects and engineers
- IT and security managers
- Anyone looking to learn about critical security controls
Everything you need to learn the Top 20 Critical Security Controls
- Five days of expert, live CSIS Top 20 training
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($299 value!)
- 1-year access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
CSIS training schedule
Infosec’s CSIS training is more than just a boot camp. We support you before, during and after your live training.
-
Before your boot camp
-
Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
-
-
During your boot camp
-
Information Security Overview
- Mitigating Threats
- Organizational Security
- User- and Role-based Security
- Authentication
- Peripheral Security
- Application and Messaging Security
- Cryptography
- Public Key Infrastructure
- Network Security
- Â Â Ports and Protocols
- Â Â Wireless Security
- Â Â Remote Access Security
- Â Â Vulnerability Testing and Monitoring
- Â Â Business Continuity
NIST Overview and SP 800-53
The Top 20 Controls- Inventory of authorized and unauthorized devices
- Inventory of authorized and unauthorized software
- Secure configurations for hardware and software on workstations and servers
- Continuous vulnerability assessment
- Malware defenses
- Application software security
- Wireless device control
- Data recovery capability
- Security skills assessment and appropriate training to fill gaps
- Secure configurations for network devices such as Firewalls, Routers, and Switches
- Limitation and control of network ports, protocols, and services
- Controlled use of administrative privileges
- Boundary defense
- Maintenance, monitoring, and analysis of security audit logs
- Controlled access based on the need to know
- Account monitoring and control
- Data loss prevention
- Incident response management
- Secure network engineering
- Penetration tests and red team exercises
-
-
After your boot camp
-
Your boot camp includes a 1-year subscription to Infosec Skills, so you can get a head start on your next certification goal or start earning CPEs.
-
Free CSIS training resources
Sign up