Ready to Start Your Career?

CIS Top 20 Security Controls Course Review

Hugh Shepherd's profile image

By: Hugh Shepherd

June 8, 2020

Cybrary’s course on the CIS Top 20 Critical Security Controls is an exceptional training experience. This course provides an overview of the CIS Top 20 Critical Security Controls v7.1. These controls can be used in conjunction with other frameworks, such as NIST’s Cybersecurity Framework and Risk Management Framework, to help provide defense-in-depth best practices.

Developed by the Center for Internet Security, the CIS Top 20 controls are a set of security best practices designed to provide IT security leaders straightforward and easily understood protections to implement to block or mitigate known attacks at their organizations. Per the CIS website, the 20 controls are listed below and prioritized into their respective categories:

Basic CIS Controls:

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Managemen
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  6. Maintenance, Monitoring, and Analysis of Audit Logs

Foundational CIS Controls: 7. Email and Web Browser Protections 8. Malware Defenses 9. Limitation and Control of Network Ports, Protocols and Services 10. Data Recovery Capabilities 11. Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches 12. Boundary Defense 13. Data Protection 14. Controlled Access Based on the Need to Know 15. Wireless Access Contro 16. Account Monitoring and Control

Organizational CIS Controls: 17. Implement a Security Awareness and Training Program 18. Application Software Security 19. Incident Response and Management 20. Penetration Tests and Red Team Exercises

The lectures provide an overview of each CIS control and related sub-controls. Additionally, each CIS control is mapped to the NIST Cybersecurity Framework. Practice labs are also included to give students the opportunity to gain hands-on experience and help reinforce certain concepts. Plus, the key concerns related to applying the CIS controls in small and medium-sized enterprises were discussed. Also included in the course are several study resources, such as a study guide, glossary, step by step lab guides, and quiz questions to help reinforce learning.

This course was very informative and interesting. Learners will gain a more in-depth understanding of the controls and how they can be applied in the real world. This is extremely beneficial because it teaches actionable knowledge for application in real situations.

Cybrary offers numerous other learning resources related to security frameworks and controls.

You can explore and sign-up for more security control and security framework learning resources provided by Cybrary.

Listed below are just a few resources available on the Cybrary website:

50 CISO Security Controls Executive RMF NIST 800-53: Introduction to Security and Privacy Controls

This course may help you prepare for certification by:

  • Learning common security controls used in infosec
  • Learning best practices for applying security controls to small and medium enterprises
  • Learning a framework for a consistent and standard approach to securing an organization

Schedule Demo