Export or edit this venue...

Hilton Garden Inn Portland Airport

Future events happening here

  • - No events -

Past events that happened here

  • Saturday
    Apr 2 2016
    SEC440: Critical Security Controls: Planning, Implementing and Auditing

    Save $200 if you register by March 2nd. This is a 2 day event, Saturday April 2nd and April 9th. Brian Ventura is a local community instructor for SANS and active with the Portland Chapter of ISSA, ISACA and OWASP.

    This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS). These Critical Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network though effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the controls are effectively implemented. SEC440 does not contain any labs. If the student is looking for hands on labs involving the Critical Controls, they should take SEC566.

    The Critical Security Controls are listed below. You will find the full document describing the Critical Security Controls posted at the Center for Internet Security.

    One of the best features of the course is that it uses offense to inform defense. In other words, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses very real, and it makes you a better security professional.

    As a student of the Critical Security Controls two-day course, you'll learn important skills that you can take back to your workplace and use your first day back on the job in implementing and auditing each of the following controls:

    CIS Critical Security Controls

    CSC 1: Inventory of Authorized and Unauthorized Devices

    CSC 2: Inventory of Authorized and Unauthorized Software

    CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

    CSC 4: Continuous Vulnerability Assessment and Remediation

    CSC 5: Controlled Use of Administrative Privileges

    CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs

    CSC 7: Email and Web Browser Protections

    CSC 8: Malware Defenses

    CSC 9: Limitation and Control of Network Ports, Protocols, and Services

    CSC 10: Data Recovery Capability

    CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

    CSC 12: Boundary Defense

    CSC 13: Data Protection

    CSC 14: Controlled Access Based on the Need to Know

    CSC 15: Wireless Access Control

    CSC 16: Account Monitoring and Control

    CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps

    CSC 18: Application Software Security

    CSC 19: Incident Response and Management

    CSC 20: Penetration Tests and Red Team Exercises