Free

CIS Top 20 Critical Security Controls

CIS Controls are a prioritized set of actions that protect your organization and data from known cyber-attack vectors. Our CIS Top 20 Critical Security Controls Course aligns to CIS v7.1. Learn about each control, why it’s important to your organization, and how you can help your team implement these best practices.

Start Course Subscribe for Updates Need to train your team? Learn more

Create Free Account Need to train your team? Learn more

Time

intermediate

difficulty

ceu/cpe

Course Content

Introduction

Control 1: Inventory and Control of Hardware Assets

Control 2: Inventory and Control of Software Assets

Control 3: Continuous Vulnerability Management

Control 4: Controlled Use of Administrative Privileges

Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

Control 7: Email and Web Browser Protections

Control 8: Malware Defenses

Control 9: Limitation and Control of Network Ports, Protocols, and Services

Control 10: Data Recovery Capabilities

Control 11: Secure Configuration for Network Devices, Such as Firewalls, Routers, and Switches

Control 12: Boundary Defense

Control 13: Data Protection

Control 14: Controlled Access Based on the Need to Know

Control 15: Wireless Access Control

Control 16: Account Monitoring and Control

Control 17: Implement a Security Awareness and Training Program

Control 18: Application Software Security

Control 19: Incident Response and Management

Control 20: Penetration Tests and Red Team Exercises

What Small and Medium Enterprises (SME) Need to Know about the CIS Controls

Conclusion

Course Assessment

Course Description

These security controls can be combined with frameworks, like NIST SP 800-37 (The NIST Risk Management Framework-RMF) to provide organizations with defense-in-depth best practices.

This course may help prepare students for industry certifications around the CIS Security Controls.The course will cover an overview of each control, map the controls to the NIST Cybersecurity Framework, and students will gain hands-on practice through labs in this course.

Prerequisites

Students should be familiar with common IT and cybersecurity terminology. It is recommended that students have 1-2 years of experience working in the cybersecurity industry.