Managing Information Security Risk with CIS Controls
- Published 29 Nov 2024
- The Information Security industry offers a large variety of solutions that claim to stop attackers in their tracks: tools for every type of attack, and silver bullets against all attackers. The current trend says machine learning and AI will solve our latest problems. Yet year over year more attacks succeed and cause more damage, as organizations increasingly rely on technology to run the business. Following industry trends can leave an organization with an accumulation of interesting technologies designed to stop adversaries and alert on them. These solutions are powerful and even cutting-edge, yet the adversary finds a way around or through them.
CIS Controls take a different approach, starting from the actual attacks occurring today and expected in the future. CIS Controls provide a threat-focused prioritization for building a strong information security foundation and reducing business risk. CIS Controls align with existing trends and security focuses such as Zero Trust, Automation and Orchestration, and the use of Machine Learning and Artificial Intelligence. The controls add a layer of measurement and metrics that gives the business information about its information security risk.
LEARNING OBJECTIVES:
- Prioritize defenses based on the CIS Controls to address the most common and damaging attacks
- Measure control effectiveness to report back to business lines based on real-world threats
- Map controls between compliance, regulation and framework requirements
- Understand the CIS Controls and their effectiveness against MITRE ATT&CK techniques, leveraging CDM
- Identify how to map controls between compliance, regulation and security frameworks, leveraging CIS Navigator
- Utilize CIS tools to measure the security program, per control
- Track risks and prioritize mitigation, leveraging CIS-RAM
The content from this webcast supports SEC566: Implementing and Auditing CIS Controls, www.sans.org/c...
About the Speaker:
Brian Ventura has more than 20 years of industry experience with a diverse background including working in large, international organizations building global solutions, small-medium businesses providing all IT support, and government and private sector. Currently an Information Security Architect with the City of Portland, Oregon, he focuses on enterprise information security governance, risk and compliance. Brian has taught a variety of SANS courses over the years and is the author of SEC566: Implementing and Auditing CIS Controls. Read more about Brian, www.sans.org/p...
Learn more about SANS Cybersecurity Leadership Curriculum at www.sans.org/cybersercurity-leadership
Connect with us on social:
LinkedIn - SANS Security Leadership
Twitter - @secleadership
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.