Free

CIS Critical Security Control 4: Secure Configuration of Enterprise Assets and Software

Welcome to our course series on CIS Top 18 Critical Security Controls v8. In this course covering control 4: Secure Configuration of Enterprise Assets and Software, you'll learn how to implement best practices for managing secure services and disabling insecure ones.
1
32
M
Time
intermediate
difficulty
2
ceu/cpe

Course Content

Why is this Control Critical?

10m

Secure Configuration of Enterprise Assets and Software
Configure Automatic Session Locking on Enterprise Assets

20m

Secure Configuration of Enterprise Assets and Software
Implement and Manage a Firewall on Servers

20m

Secure Configuration of Enterprise Assets and Software
Securely Manage Enterprise Assets and Software

20m

Secure Configuration of Enterprise Assets and Software
Course Description

These security controls can be combined with frameworks, like NIST SP 800-37 (The NIST Risk Management Framework-RMF) to provide organizations with defense-in-depth best practices.

This course will help prepare students for industry certifications around the CIS Security Controls. You will see an overview of each control, map the controls to the NIST Cybersecurity Framework, and gain hands-on practice in secure, scenario-based lab environments.

Prerequisites

This course is designed for IT security professionals who want to expand their knowledge and skills in the area of development and implementation of security controls. Prerequisites include an existing knowledge of networking and knowledge of their organization’s security requirements.

Course Goals

By the end of this course, students should be able to:

  • Explain the concept of security controls
  • Enumerate the eighteen (18) areas of critical security controls
  • * Implement technical security controls related to these areas

    This course is part of a Career Path:
    No items found.

    Instructed by

    Senior Instructor
    Corey Holzer

    My current title is Information Systems Engineer. As part of my quest for self-improvement, I earned multiple degrees including a Ph.D. in Information Security from Purdue (2016); a Master of Science in Networking and Communications Management (2009) and Master in Business Administration (2009) from Keller Graduate School of Management; a Master of Arts (1994) from St. John's University NY. I also hold multiple industry certifications including CISSP, Security+, CNDA, and CEH.

    Growing up in New York City, NY, much of my 13 years of IT work experience in the private sector came while I lived there. My positions included roles from entry-level technician for World Wrestling Entertainment through Lead web developer and Technical Project Manager on several multi-million dollar projects for J. Walter Thompson’s new media division. In 2006, I transitioned over to the public sector. My military career also focuses on Information Technology. In the last 14 years, I filled various technology positions involving systems and network administration, technical project management, and team lead for multiple capability development projects.

    At a young age I discovered my love for technology and computers. It began with figuring out how technology worked by taking it apart. Mom wasn’t happy when she found the remains of my tape recorder in my room. I soon moved on to learning about computers and programming languages. While the term “hacker” has taken on a negative connotation in recent years, I still consider myself a hacker based on the original description of the word when talking about people like Gates and Jobs.

    I first discovered Cybrary last year when I started studying for the CCNA exam. When I learned they needed instructors for various courses, I applied. Mentorship is one of my favorite aspects of the various roles I held in the last few years. Being an instructor affords me more opportunities for mentorship.

    Provider
    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CIS Critical Security Control 4: Secure Configuration of Enterprise Assets and Software Certificate of Completion