• 708.689.0131
  • Contact us
  • Infosec IQ login
  • Infosec Skills login
Infosec Logo
  • Infosec Logo
  • Products
  • Solutions
  • Resources
  • Company
  • Infosec IQ logo Security awareness & culture
  • Infosec Skills logo Boot camps & training
  • Product overview
  • Infosec IQ overview
  • Security awareness training
  • Phishing simulator
  • Reporting & assessments
  • Program automation
  • Security culture survey
  • Global administration
  • Browse all training
  • Pricing & features
  • Demo
  • Infosec Skills overview
  • Live boot camps
  • Training mapped to NICE Framework Training mapped to NICE Framework
  • Certifications & CPEs
  • Cyber ranges & labs
  • Skill assessments
  • Infosec Skills Teams
  • Browse all training
  • Free trial
  • Pricing & features
  • Demo
  • Pre-built training plans
  • Compliance, industry & role-based training
  • Custom education
  • Personalized learning
  • Languages
  • 1000+ phishing templates
  • Simulation types
  • Phishing email reporter
  • Dashboard reports
  • Security culture survey
  • Assessments
  • Learner analytics
  • Learner management
  • Threat response orchestration
  • Integrations
  • Cybersecurity Specialist
  • Cybercrime Investigator
  • IT Auditor
  • Cybersecurity Analyst
  • Cybersecurity Consultant
  • Penetration Tester
  • Cybersecurity Manager
  • Cybersecurity Engineer
  • Cybersecurity Architect
  • Boot camp overview
  • CISSP Boot Camp
  • Security+ Boot Camp
  • Ethical Hacking Boot Camp
  • CCNA Dual Cert Boot Camp
  • CASP+ Boot Camp
  • CCSP Boot Camp
  • CISM Boot Camp
  • CySA+ Boot Camp
  • PMP Boot Camp
  • Browse all boot camps
Choose Your Own Adventure

Security awareness games by Infosec

Click to Play

Learn how to ATT&CK & defend in the cyber range

Learn More
  • By organization type
  • By need
  • Solutions overview
  • For business teams
  • For government & contractor teams
  • For MSPs & resellers
  • Security awareness
  • Phishing simulation
  • Technical skill development
  • IT certification
  • Compliance & framework
  • CMMC certification

    2021 Cybersecurity Role & Career Path Clarity Study

    250 security hiring managers share how they fill open roles

    Download Now
    • Cyber Work
    • Webcasts
    • Case studies
    • Reports & whitepapers
    • Blog
    • Community
    • Infosec Inspire
    • Free tools
    • Cyber Work Podcast
    • Cyber Work Applied
    • Infosec Insiders
    • TechExams
    • YouTube
    • LinkedIn
    • Facebook
    • Twitter
    • Phishing Risk Test
    • Security awareness ROI calculator
    • Security awareness training plans
    • Security awareness buyer’s guide

      Free cybersecurity training from industry experts

      Forrester Wave™ graphic

      New episodes every month

      Get Access
      • About us
      • Events & webcasts
      • Careers
      • Scholarships & awards
      • Infosec Gives
      • About us
      • Leadership
      • Newsroom
      • Recognition
      • Industry alliances
      • Infosec Hall of Fame
      • Infosec Security Awareness Awards
      • Infosec Accelerate Scholarship Program

        We’re hiring!

        Join an ambitious team of people who care about making a difference.

        Get To Know Us

        CSIS Top 20 Critical Security Controls Training Boot Camp

        This boot camp helps you master the 20 Important Security Controls as published by the Center for Strategic and International Studies (CSIS).

        Updated December 2020
        93% exam pass rate
        View Pricing Book a Boot Camp

        Learn the CSIS critical security controls

        • 100% Satisfaction Guarantee
        • Unlimited practice exam attempts
        • Five days live, expert CSIS instruction (live online or in-person), plus a day to take the exam
        • Immediate access to Infosec Skills from the minute you enroll to 90 days after your boot camp
        • Learn by doing with 100s of additional hands-on courses and labs
        • 90-day access to all boot camp video replays and materials
        • Knowledge Transfer Guarantee

        About the CSIS 20 Top 20

        The control areas and individual subcontrols described focus on various technical aspects of information security, with a primary goal of supporting organizations in prioritizing their efforts in defending against today’s most common and damaging computer and network attacks. Outside of the technical realm, a comprehensive security program should also take into account numerous additional areas of security, including overall policy, organizational structure, personnel issues (e.g., background checks) and physical security.

        To help maintain focus, the controls in this document do not deal with these important, but non-technical, aspects of information security. Organizations should build a comprehensive approach in these other aspects of security as well, but overall policy, organization, personnel and physical security are outside of the scope of this document.

         

        View full course schedule

        Training overview

        Securing the United States against cyber-attacks has become one of the nation’s highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting and responding to follow-on attacks on internal networks as attackers spread inside a compromised network.

        This group of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls that can be applied across enterprise environments. Fifteen of these controls can be monitored, at least in part, automatically and continuously. Five controls are essential but do not appear to be able to be monitored continuously or automatically with current technology and practices.

        What you'll learn

        • Defenses should focus on addressing the most common and damaging attack activities occurring today
        • Enterprise environments must ensure consistent controls across an enterprise to effectively negate attacks
        • Defenses should be automated where possible, and periodically or continuously measured using automated measurement techniques where feasible
        • To address current attacks occurring on a frequent basis against numerous organizations, a variety of specific technical activities should be undertaken to produce a more consistent defense

        Who should attend

        • Information security professionals
        • Network administrators
        • System architects and engineers
        • IT and security managers
        • Anyone looking to learn about critical security controls

        Everything you need to learn the Top 20 Critical Security Controls

        • 100% Satisfaction Guarantee
        • 5 days live, expert CSIS instruction (live online or in-person), plus a day to take the exam
        • Immediate access to Infosec Skills from the minute you enroll to 90 days after your boot camp
        • Learn by doing with 100s of additional hands-on courses and labs
        • 90-day access to all boot camp video replays and materials
        • Knowledge Transfer Guarantee
        View Pricing

        CSIS training schedule

        Infosec’s CSIS training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.

        • Before your boot camp

          • Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.

        • During your boot camp

          • Information Security Overview

            • Mitigating Threats
            • Organizational Security
            • User- and Role-based Security
            • Authentication
            • Peripheral Security
            • Application and Messaging Security
            • Cryptography
            • Public Key Infrastructure
            • Network Security
            •   Ports and Protocols
            •   Wireless Security
            •   Remote Access Security
            •   Vulnerability Testing and Monitoring
            •   Business Continuity

            NIST Overview and SP 800-53


            The Top 20 Controls

            • Inventory of authorized and unauthorized devices
            • Inventory of authorized and unauthorized software
            • Secure configurations for hardware and software on workstations and servers
            • Continuous vulnerability assessment
            • Malware defenses
            • Application software security
            • Wireless device control
            • Data recovery capability
            • Security skills assessment and appropriate training to fill gaps
            • Secure configurations for network devices such as Firewalls, Routers, and Switches
            • Limitation and control of network ports, protocols, and services
            • Controlled use of administrative privileges
            • Boundary defense
            • Maintenance, monitoring, and analysis of security audit logs
            • Controlled access based on the need to know
            • Account monitoring and control
            • Data loss prevention
            • Incident response management
            • Secure network engineering
            • Penetration tests and red team exercises

             

        • After your boot camp

          • Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

        Free CSIS training resources

        Latest malware trends are bad news for business

        Adam Kujawa, director of Malwarebytes Labs, discusses the latest Malwarebytes Labs Cybercrime Tactics and Techniques Report, why the report is unlikely to make organizations very happy and how the findings will affect the cybersecurity industry in the years to come.

        Listen Now

        Malware removal and security tips with Malwarebytes

        Michael Sherwood, senior director of technician services at Malwarebytes, talks about Malwarebytes, the group's free malware removal forums and a few other malware-related topics.

        Listen Now

        Vulnerability hunting and ecommerce safety

        Let’s talk about the practice of finding vulnerabilities! For Ted Harrington, Executive Partner of ISE, it’s much more than a job, it’s a life mission. Ted joins the Cyber Work Podcast to discuss being part of the first team to hack the iPhone, as well as thinking like a hacker to avoid being hacked yourself. He also gives advice for people who would rather sell their wares online this holiday season than spend all day thinking about security. The world has been moving in the direction of holiday shopping online for quite some time now, but with things being what they are in 2020, that trend is likely to grow exponentially upward as stores become either closed to the public or only open to a few people at a time for safety. Either way, that means a lot of online transactions, and a lot of juicy targets for cybercriminals.

        Ted Harrington, Executive Partner at ISE is finding new ways to protect digital assets. He's helped companies like Disney, Amazon, Google, Netflix and Adobe fix tens of thousands of security vulnerabilities. His team at ISE is composed of ethical hackers known for being the first to hack the iPhone, where he applies his think-like-a-hacker mentality to constantly adapt to fresh security and software development challenges.

        Listen Now

        Find your boot camp

        Take the course online?
        Learn more about online
        866.471.0059
        • Today
        • Next week
        • Next month
        See additional dates

        Sign up

        Enroll in a boot camp

          See additional dates
          Infosec logo

          Products

          Infosec IQ Security awareness, culture & phishing simulator Infosec Skills Hands-on skill development & boot camps

          Resources

          Cyber Work Blog Infosec Inspire Events & webcasts

          Company

          Contact us About Infosec Careers Newsroom Partners

          Newsletter

          Get the latest news, updates and offers straight to your inbox.
          • ©2021 Infosec, Inc.
            • Trademarks
            • Privacy & Cancellation Policies
          We use cookies to personalize your experience and optimize site functionality. Accept Cookie settings
          Privacy & Cookies Policy

          Infosec cookie notice

          We use cookies to help understand your needs, optimize website functionality and give you the best experience possible. Use this policy to understand how, when and where cookies are stored on your device. 

          Want to know more? Contact [email protected].
          Necessary
          Always Enabled
          This type of cookie helps keep our website functioning. They provide access to account-based features and other secure areas of our site, and do not store information about you that could be used for marketing. This category of cookies cannot be disabled.
          Analytics
          Google Analytics cookies help us understand how visitors use our site. All data collected from Google Analytics is anonymized (including your IP address) and stored by Google on U.S. servers.
          Marketing
          We use this type of cookie to optimize our marketing campaigns. Marketing cookies are delivered by our database when you visit our site, complete a form or open email from us. Information stored in this cookie includes personal information like your name and what pages you view on our site.
          Save & Accept