Event Calendar

Mon, Oct 7
Community SANS – Implementing and Auditing the Twenty Critical Security Controls @ Double Tree Suites by Hilton Hotel Salt Lake City
Oct 7 – Oct 12 all-day

SEC566: Implementing and Auditing the Twenty Critical Security Controls – In-Depth

Community Instructor: James Murray, NCCI Holdings, Inc.

Other: 30 CPE/CMU; Laptop Required

Cybersecurity attacks are increasing and evolving so rapidly that it is more difficult than ever to prevent and defend against them. Does your organization have an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches?

As threats evolve, an organization's security should too. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Twenty Critical Security Controls, a prioritized, risk-based approach to security. Designed by private and public sector experts from around the world, the Controls are the best way to block known attacks and mitigate damage from successful attacks. They have been adopted by the U.S. Department of Homeland Security, state governments, universities, and numerous private firms.

The Controls are specific guidelines that CISOs, CIOs, IGs, systems administrators, and information security personnel can use to manage and measure the effectiveness of their defenses. They are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

The Controls are an effective security framework because they are based on actual attacks launched regularly against networks. Priority is given to Controls that (1) mitigate known attacks, (2) address a wide variety of attacks, and (3) identify and stop attackers early in the compromise cycle.

The British government's Centre for the Protection of National Infrastructure describes the Controls as the baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence.

SANS' in-depth, hands-on training will teach you how to master the specific techniques and tools needed to implement and audit the Critical Controls. It will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

The course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.

Tue, Sep 16
CounterIntel Conference and Intel Analyst Training @ The Chateaux Deer Valley
Sep 16 – Sep 18 all-day

Conference, September 16th
Keynote – Mark Weatherford, Principal, The Chertoff Group
Why Targeted ICS Threats Call for Intelligence? – Michael Assante, Director, ICS & SCADA, SANS Institute
Counterintelligence: A Seat At The Table – Ray Batvinis, Professor, The George Washington University, FBI Supervisory Special Agent (Ret.)

Why Building An Intelligence Team Is Important For Critical Infrastructure Asset Owners – Kristan Wheaton, Associate Professor of Intelligence Studies, Mercyhurst University

Situation Awareness: From Zero To Sector Scale – Ben Miller, Senior Cyber Security Specialist, ES-ISAC
Building Intelligence Infrastructure To Protect Your Critical Infrastructure – Meredith Wilson, Principal Consultant and Advisor, Emergent Risk International

Developing An Internal Threat Intelligence Function – Darin Olton, Principal, Threat & Vulnerability Management

Intel Analyst training, September 17th and 18th:

  • Understanding the intelligence challenge for critical infrastructure
    • Real time risk management
    • Cyber defense competency model
  • Intelligence and Situational Awareness
    • Situational awareness and intelligence requirements generation and gap analysis
    • Situational awareness and threat intelligence tools
    • Using OSINT tools to satisfy intelligence requirements
    • Getting inside the OODA loop
  • Attack Planning and Targeting
    • Attacker characterization
    • Threat identification
    • High value target identification
    • OSINT targeting
    • Targeting countermeasures
  • Creating and Using Situational Awareness and Threat Intelligence
    • Attack scenario generation
    • Indicator list development
    • Review of intelligence management tools
    • Analyzing and actioning incoming intelligence
    • Review of cyber intelligence providers
    • Development of an internal security ontology
  • Industrial Control Systems Cyber Threat Environment
    • OSINT analysis using ICS knowledge
    • OSINT walk-down for ICS-related threat information
  • Information Sharing
    • Comparison of information received through info-sharing organizations/initiatives
    • Infrastructure I&A Competition