What Are Your Most Vulnerable Assets?
While the vendor market continues to provide solutions that solve our information security issues, breaches still occur. Many of these products reduce risks by preventing or detecting threats. However, organizations still fail at the most basic aspects of their security posture. That’s why the CIS Controls are designed to provide the base level, critical controls that can be implemented in any organization’s network. Having a good inventory of devices is the first control. Without this inventory, patching, for example, is ineffective. The inventory must include all devices. Common devices found on most networks include cameras, switches, and routers, and are often overlooked when applying security controls. A solid information security foundation is critical to an organization’s cybersecurity, and the CIS Controls provide organizations the means to build this critical foundation.*csoonline.com article reference
Free Cybersecurity Leadership Resources
Managing Information Security Risks with CIS Controls | Webcast
Brian Ventura shares how to prioritize defenses based on the CIS Controls, measure control effectiveness, map controls between compliance, regulation and framework requirements, and understand the CIS Controls and their effectiveness against Mitre ATT&CK techniques leveraging CDM. Register Here
Looking Ahead to the National Cybersecurity Strategy Implementation Plan | Webcast
Wednesday, November 8 at 1:00pm ET | 1800 UTC
Uncover how organizations can prepare for the National Cybersecurity Strategy Implementation Plan (NCSIP) released by the White House in March 2023. Register for this upcoming webcast to receive first access to the full report written by Matt Bromiley. Register Here
What You Need to Know About the SEC Cybersecurity Mandate, Part of the SANS Compliance Countdown Series | Webcast
Thursday, 16 Nov 2023 10:30AM EST | 15:30 UTC
Come learn from Luna Bloom , Chief of the Office of Rulemaking in the U.S. Securities and Exchange Commission’s Division of Corporation Finance, on what you need to know about reporting and how to get your organization up to speed on the upcoming disclosure requirements. Have your questions answered to make sure you are prepared to comply with the new requirements by December 18th. Register Here
Free Resource: Collective Risk Model
This is the first official and formal release of a simple, practical model that the community can use as a model for managing cybersecurity risks. A repository for the community with straight forward language and a readily accessible roadmap to begin managing cybersecurity risks. Learn More
Brought to you by Enclave Security and SANS Senior Instructor, James Tarala .
Applicable Leadership Training and Certification
SEC566: Implementing & Auditing CIS Controls
High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data and how they should implement a prioritized list of cybersecurity hygiene controls.?Watch a Free Course Preview
GIAC Critical Controls Certification (GCCC)
This certification is based on the CIS Controls, a prioritized, risk-based approach to security. This certification ensures that candidates have the knowledge and skills to implement and execute the CIS Controls recommended by the Center for Internet Security and perform audits based on the standard. Learn More
Operational Cybersecurity Executive Triad?
Information Assurance Engineers, Auditors, SOC Analysts, Cybersecurity Managers, and CISOs need more to better defend an organization’s data systems. The SANS Operational Cybersecurity Executive triad is here to provide CISO training to help you build, grow, and sharpen your cyber defense team. Learn More
NEW! LDR419: Performing a Cybersecurity Risk Assessment
Gain the knowledge, tools, and templates you need to return to your office and perform a meaningful cybersecurity risk assessment, communicate the results to business stakeholders, and productively respond to identified risks applicable to your organization. Learn More
SANS Cybersecurity Leadership Curriculum | Preview SANS Courses | Connect with Our Solutions Team | Join the SANS Community