Course Summary

The CIS Controls (formerly known as the Critical Security Controls) are a set of prioritized cybersecurity best practices designed to protect against today’s most prevalent and severe cyber threats. This program offers training, research, and certification on CIS Controls v8, which was released in May 2021. Version 8 introduces significant changes to the controls ecosystem, ensuring backward compatibility with previous versions and providing a migration path for users transitioning from earlier versions.

Whether you’re using the CIS Controls or another control framework for your security improvement program, it’s important to recognize that a controls list serves as a foundational starting point. With the release of v8, CIS has added new tools and resources to help organizations:

Implement, track, measure, and assess controls effectively
Prioritize controls in response to evolving threats
Justify investments in CIS Controls implementation
Apply best practices for mobile devices and applications
Adapt best practices for cloud environments
Achieve compliance across multiple frameworks with mapped regulatory requirements

Access Control Management
The candidate will be familiar with processes and tools used to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts across enterprise assets and software.

Account Management
The candidate will be familiar with processes and tools for assigning and managing credentials and authorization for accounts accessing enterprise assets and software.

Application Software Security
The candidate will be familiar with processes and tools to manage the security life cycle of in-house developed, hosted, or acquired software, preventing, detecting, and remediating security vulnerabilities before they can impact the enterprise.

Audit Log Management
The candidate will be familiar with processes and tools for collecting, alerting, reviewing, and retaining audit logs to detect, analyze, and recover from attacks.

Background on CIS Controls, Standards, and Governance
The candidate will understand the background, history, and purpose of the CIS Controls, key Security Standards, and Governance of Security Programs. The GIAC Critical Controls Certification exam aligns with CIS Controls v8.0.

Continuous Vulnerability Management
The candidate will be familiar with processes and tools for continuously assessing, tracking, and remediating vulnerabilities across all enterprise assets, and monitoring sources for new threat and vulnerability information.

Data Protection
The candidate will be familiar with processes and technical controls for identifying, classifying, securely handling, retaining, and disposing of data.

Data Recovery
The candidate will be familiar with processes and tools for establishing and maintaining data recovery practices to restore enterprise assets to a trusted pre-incident state.

Email and Web Browser Protections
The candidate will be familiar with processes and tools to defend email and web traffic from threats aiming to manipulate human behavior through direct engagement.

Incident Response Management
The candidate will be familiar with processes and tools to develop and maintain an incident response program for preparing, detecting, and quickly responding to attacks.

Inventory and Control of Enterprise Assets
The candidate will be familiar with processes and tools for actively managing the inventory of enterprise assets and associated data throughout their life cycles.

Inventory and Control of Software Assets
The candidate will be familiar with processes and tools for managing software on the network, ensuring only authorized software is installed and executable, while preventing unauthorized or unmanaged software.

Malware Defenses
The candidate will be familiar with processes and tools to prevent or control the installation, spread, and execution of malicious software on enterprise assets.

Network Infrastructure Management
The candidate will be familiar with processes and tools for establishing, implementing, and managing network devices to prevent exploitation of vulnerable network services and access points.

Network Monitoring and Defense
The candidate will be familiar with processes and tools for maintaining comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.

Penetration Testing
The candidate will be familiar with processes and tools for testing the effectiveness and resilience of enterprise assets by identifying and exploiting weaknesses in controls, simulating attacker tactics.

Secure Configuration of Enterprise Assets and Software
The candidate will be familiar with processes and tools for establishing and maintaining secure configurations for enterprise assets and software.

Security Awareness and Skills Training
The candidate will be familiar with processes for creating and maintaining a security awareness program to enhance the workforce’s security knowledge and skills, reducing cybersecurity risks to the enterprise.

Service Provider Management
The candidate will be familiar with processes for evaluating service providers who manage sensitive data or critical IT platforms to ensure they are safeguarding those platforms and data effectively.

There are currently no prerequisites for this course.

Proctored exam, 75 questions, 2 hours, minimum passing score of 71%.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
