By: Hugh Shepherd
June 8, 2020
CIS Top 20 Security Controls Course Review
By: Hugh Shepherd
June 8, 2020
Cybrary’s course on the CIS Top 20 Critical Security Controls is an exceptional training experience. This course provides an overview of the CIS Top 20 Critical Security Controls v7.1. These controls can be used in conjunction with other frameworks, such as NIST’s Cybersecurity Framework and Risk Management Framework, to help provide defense-in-depth best practices.
Developed by the Center for Internet Security, the CIS Top 20 controls are a set of security best practices designed to provide IT security leaders straightforward and easily understood protections to implement to block or mitigate known attacks at their organizations. Per the CIS website, the 20 controls are listed below and prioritized into their respective categories:
Basic CIS Controls:
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Managemen
- Controlled Use of Administrative Privileges
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Maintenance, Monitoring, and Analysis of Audit Logs
Foundational CIS Controls: 7. Email and Web Browser Protections 8. Malware Defenses 9. Limitation and Control of Network Ports, Protocols and Services 10. Data Recovery Capabilities 11. Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches 12. Boundary Defense 13. Data Protection 14. Controlled Access Based on the Need to Know 15. Wireless Access Contro 16. Account Monitoring and Control
Organizational CIS Controls: 17. Implement a Security Awareness and Training Program 18. Application Software Security 19. Incident Response and Management 20. Penetration Tests and Red Team Exercises
The lectures provide an overview of each CIS control and related sub-controls. Additionally, each CIS control is mapped to the NIST Cybersecurity Framework. Practice labs are also included to give students the opportunity to gain hands-on experience and help reinforce certain concepts. Plus, the key concerns related to applying the CIS controls in small and medium-sized enterprises were discussed. Also included in the course are several study resources, such as a study guide, glossary, step by step lab guides, and quiz questions to help reinforce learning.
This course was very informative and interesting. Learners will gain a more in-depth understanding of the controls and how they can be applied in the real world. This is extremely beneficial because it teaches actionable knowledge for application in real situations.
Cybrary offers numerous other learning resources related to security frameworks and controls.
You can explore and sign-up for more security control and security framework learning resources provided by Cybrary.
Listed below are just a few resources available on the Cybrary website:
This course may help you prepare for certification by:
- Learning common security controls used in infosec
- Learning best practices for applying security controls to small and medium enterprises
- Learning a framework for a consistent and standard approach to securing an organization
Learn CIS Top 20 Security Controls With These Courses: