BEGIN:VCALENDAR PRODID;X-RICAL-TZSOURCE=TZINFO:-//Calagator//EN CALSCALE:GREGORIAN X-WR-CALNAME:Calagator METHOD:PUBLISH VERSION:2.0 BEGIN:VTIMEZONE TZID;X-RICAL-TZSOURCE=TZINFO:America/Los_Angeles BEGIN:DAYLIGHT DTSTART:20160313T020000 RDATE:20160313T020000 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAME:PDT END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT CREATED;VALUE=DATE-TIME:20160206T173218Z DTEND;TZID=America/Los_Angeles;VALUE=DATE-TIME:20160402T170000 DTSTART;TZID=America/Los_Angeles;VALUE=DATE-TIME:20160402T090000 DTSTAMP;VALUE=DATE-TIME:20160206T173218Z LAST-MODIFIED;VALUE=DATE-TIME:20160206T173557Z UID:http://calagator.org/events/1250469771 DESCRIPTION:Save $200 if you register by March 2nd. This is a 2 day event \, Saturday April 2nd and April 9th. Brian Ventura is a local community instructor for SANS and active with the Portland Chapter of ISSA\, ISACA and OWASP. \;\n \;\nThis course helps you master specific\, prove n techniques and tools needed to implement and audit the Critical Securi ty Controls as documented by the Center for Internet Security (CIS). The se Critical Security Controls\, listed below\, are rapidly becoming acce pted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other governme nt and private organizations (including NSA\, DHS\, GAO\, and many other s) who are the most respected experts on how attacks actually work and w hat can be done to stop them. They defined these controls as their conse nsus for the best way to block the known attacks and the best way to hel p find and mitigate damage from the attacks that get through. For securi ty professionals\, the course enables you to see how to put the controls in place in your existing network though effective and widespread use o f cost-effective automation. For auditors\, CIOs\, and risk officers\, t he course is the best way to understand how you will measure whether the controls are effectively implemented. SEC440 does not contain any labs. If the student is looking for hands on labs involving the Critical Cont rols\, they should take SEC566. \;\n \;\nThe Critical Security Con trols are listed below. You will find the full document describing the C ritical Security Controls posted at the Center for Internet Security. 3\;\n \;\nOne of the best features of the course is that it uses offe nse to inform defense. In other words\, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses v ery real\, and it makes you a better security professional. \;\n \ ;\nAs a student of the Critical Security Controls two-day course\, you'l l learn important skills that you can take back to your workplace and us e your first day back on the job in implementing and auditing each of th e following controls: \;\n \;\nCIS Critical Security Controls \ ;\n \;\nCSC 1: Inventory of Authorized and Unauthorized Devices \; \n \;\nCSC 2: Inventory of Authorized and Unauthorized Software \; \n \;\nCSC 3: Secure Configurations for Hardware and Software on Mobi le Devices\, Laptops\, Workstations\, and Servers \;\n \;\nCSC 4: Continuous Vulnerability Assessment and Remediation \;\n \;\nCSC 5 : Controlled Use of Administrative Privileges \;\n \;\nCSC 6: Main tenance\, Monitoring\, and Analysis of Audit Logs \;\n \;\nCSC 7: Email and Web Browser Protections \;\n \;\nCSC 8: Malware Defenses \;\n \;\nCSC 9: Limitation and Control of Network Ports\, Protoco ls\, and Services \;\n \;\nCSC 10: Data Recovery Capability \;\ n \;\nCSC 11: Secure Configurations for Network Devices such as Firew alls\, Routers\, and Switches \;\n \;\nCSC 12: Boundary Defense 3\;\n \;\nCSC 13: Data Protection \;\n \;\nCSC 14: Controlled A ccess Based on the Need to Know \;\n \;\nCSC 15: Wireless Access C ontrol \;\n \;\nCSC 16: Account Monitoring and Control \;\n \;\nCSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps \;\n \;\nCSC 18: Application Software Security \;\n \;\ nCSC 19: Incident Response and Management \;\n \;\nCSC 20: Penetra tion Tests and Red Team Exercises\n\nImported from: http://calagator.org /events/1250469771 URL:https://www.sans.org/community/event/sec440-portland-02apr2016-brian- ventura SUMMARY:SEC440: Critical Security Controls: Planning\, Implementing and A uditing LOCATION:Hilton Garden Inn Portland Airport: false SEQUENCE:3 END:VEVENT END:VCALENDAR