Today we are in Washington D.C. teaching a new SANS class based upon the Consensus Audit Guidelines (CAG) Critical Security Controls. We are very excited that the debut run sold out this week. Dr. Eric Cole, in conjunction with the team at Enclave Security, has been writing and fine-tuning the class since February, and students provided some great feedback on the "roll up your sleeves and earn some quick wins" methodology of this class.
What Makes These 20 Controls so Important?
The 20 Critical Controls consensus guideline was drawn up by the cyber warriors on the front lines. Federal CIOs and CISOs with direct knowledge of recent cyber attacks, Department of Defense (DoD) Blue Team members who have performed incident response after cyber attacks, the FBI, DoD Red Team members who practice offensive security maneuvers to gain access to systems, and civilian penetration testers and experts have all contributed their expertise to this effort. These 20 controls are the high-priority techniques for defending against real-world, ongoing attacks.
What kind of students are in class this week?
Our students this week have a wealth of information security knowledge, ranging from auditors to administrators and analysts to implementers. While each student has his or her own reasons for being in the class, the proverb rings true for them: "Give a man a fish and you have fed him for today. Teach a man to fish and you have fed him for a lifetime." This class provides the tools, checklists and anecdotal stories to help secure your organization from attack.
What were some of the highlights from today?
- Advanced Persistent Threat (APT) describes sophisticated, organized cyber attacks that compromise networks, implant malware, and maintain long-term access to compromised systems. These are not one-time attacks from script kiddies. These are dedicated operations to compromise networks.
- Each control has built-in levels, from Quick Wins (tools and techniques any organization can apply) to Advanced Tools and techniques for highly sophisticated security organizations. No matter where a company falls on the security spectrum, there are tools and checklists to further secure its systems.
- Quick Wins can be achieved with free tools and checklists when you have the time and people to test them. Commercial tools are powerful, and while they might be expensive, they may take fewer labor hours to test and implement.
- Egress filtering and traffic analysis are just as important as ingress filtering. Egress traffic may contain information about compromised internal systems.
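As an added illustration of the egress point above (not code from the class, SANS or Enclave Security), the following script applies a hypothetical egress policy to a few constructed outbound flow records: only the proxy may talk directly to external web ports and only the internal resolver may talk directly to external DNS, and any host sending more than an assumed byte budget outbound is flagged. The policy addresses, the flow format and the budget are all assumptions chosen for the example.

```python
"""Egress traffic analysis over constructed outbound flow records.
Flags internal hosts whose egress bypasses the proxy/resolver policy
or exceeds an outbound byte budget. Hypothetical policy and data."""
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal range
PROXY = "10.0.0.5"       # assumed: only host allowed direct 80/443 egress
RESOLVER = "10.0.0.53"   # assumed: only host allowed direct 53 egress
ALLOWED_DIRECT = {PROXY: {80, 443}, RESOLVER: {53}}
BYTE_BUDGET = 500_000_000   # assumed per-host outbound budget for the window

# Constructed flow records: "src_ip dst_ip dst_port proto bytes_out"
SAMPLE_FLOWS = [
    "10.0.0.5 93.184.216.34 443 tcp 120000",     # proxy -> web: allowed
    "10.0.0.53 198.51.100.1 53 udp 900",         # resolver -> DNS: allowed
    "10.0.1.20 203.0.113.9 443 tcp 50000",       # workstation bypassing proxy
    "10.0.1.20 203.0.113.9 53 udp 4000",         # workstation using outside DNS
    "10.0.1.21 10.0.0.5 3128 tcp 7000",          # internal -> proxy: not egress
    "10.0.1.22 198.51.100.7 443 tcp 900000000",  # direct and over budget
]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def parse_flow(line):
    src, dst, port, proto, nbytes = line.split()
    return {"src": src, "dst": dst, "port": int(port),
            "proto": proto, "bytes": int(nbytes)}

def egress_violations(lines):
    """Return {src_ip: [reasons]} for internal hosts whose outbound flows
    bypass the egress policy or exceed the outbound byte budget."""
    findings = defaultdict(list)
    outbound_bytes = defaultdict(int)
    for line in lines:
        f = parse_flow(line)
        if not is_internal(f["src"]) or is_internal(f["dst"]):
            continue   # only internal -> external flows count as egress
        outbound_bytes[f["src"]] += f["bytes"]
        if f["port"] not in ALLOWED_DIRECT.get(f["src"], set()):
            findings[f["src"]].append(
                f"direct {f['proto']}/{f['port']} to {f['dst']} bypasses egress policy")
    for host, total in outbound_bytes.items():
        if total > BYTE_BUDGET:
            findings[host].append(f"{total} bytes out exceeds budget of {BYTE_BUDGET}")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in egress_violations(SAMPLE_FLOWS).items():
        print(host, "->", "; ".join(reasons))
```

On the sample data the proxy, the resolver and the host that goes through the proxy produce no findings, while the two workstations that reach the Internet directly are reported.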
Thanks to all of our students today. We appreciate your thought-provoking questions!