CSIS Top 20 Critical Security Controls Training Boot Camp

This boot camp helps you master the 20 Important Security Controls as published by the Center for Strategic and International Studies (CSIS).

Learn the CSIS critical security controls

Boot camp overview

Securing the United States against cyber-attacks has become one of the nation’s highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting and responding to follow-on attacks on internal networks as attackers spread inside a compromised network.

This group of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls that can be applied across enterprise environments. Fifteen of these controls can be monitored, at least in part, automatically and continuously. Five controls are essential but do not appear to be able to be monitored continuously or automatically with current technology and practices.

What's included?

• Five days of training with an expert instructor
• Infosec digital courseware (physical textbooks available to purchase)
• 90-day access to replays of daily lessons (Flex Pro)
• 100% Satisfaction Guarantee

Course objectives

The guiding principles used in devising these control areas and their associated subcontrols include:

• Defenses should focus on addressing the most common and damaging attack activities occurring today
• Enterprise environments must ensure consistent controls across an enterprise to effectively negate attacks
• Defenses should be automated where possible, and periodically or continuously measured using automated measurement techniques where feasible
• To address current attacks occurring on a frequent basis against numerous organizations, a variety of specific technical activities should be undertaken to produce a more consistent defense

Who should attend?

• Information security professionals
• Network administrators
• System architects and engineers
• IT and security managers
• Anyone looking to learn about critical security controls

About the CSIS 20 Top 20

The control areas and individual subcontrols described focus on various technical aspects of information security, with a primary goal of supporting organizations in prioritizing their efforts in defending against today’s most common and damaging computer and network attacks. Outside of the technical realm, a comprehensive security program should also take into account numerous additional areas of security, including overall policy, organizational structure, personnel issues (e.g., background checks) and physical security.

To help maintain focus, the controls in this document do not deal with these important, but non-technical, aspects of information security. Organizations should build a comprehensive approach in these other aspects of security as well, but overall policy, organization, personnel and physical security are outside of the scope of this document.

Can’t get away for a week?
Learn cybersecurity on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

• 70+ learning paths
• 500+ courses
• Cloud-hosted cyber ranges and hands-on projects
• Skill assessments and certification practice exams
• Infosec community peer support