SEC566: Implementing and Auditing the Twenty Critical Security Controls - In-Depth

A session at SANS Security West 2013

In the last couple of years it has become obvious that in the world of information security, the offense is outperforming the defense. Even though budgets increase and management pays more attention to the risks of data loss and system penetration, data is still being lost and systems are still being penetrated. Over and over people are asking, "What can we practically do to protect our information?" The answer has come in the form of 20 information assurance controls, originally published as the Consensus Audit Guidelines (CAG) and now known as the Critical Security Controls.

This course has been written to help those implementing or deploying an information assurance strategy in their agency or organization by enabling them to better understand these controls. Specifically, the course has been designed in the spirit of the offense teaching the defense, to help security practitioners understand not only what to do to stop a threat, but why the threat exists and how to audit afterwards to ensure that the organization is indeed in compliance with its standards.

At the end of Audit 566, students should better understand:

How to create a strategy for successfully defending their data
How to implement controls to prevent data from being compromised
How to audit systems to ensure compliance with the standard
And in SANS style, this course will not only provide a framework for better understanding, but will give you a hands-on approach to learning these objectives to ensure that what you learn today, you'll be able to put into practice in your organization tomorrow.

This course helps you master specific, proven techniques and tools needed to implement and audit the Top Twenty Most Critical Security Controls. These 20 controls are rapidly becoming accepted as the highest-priority list of what must be done, and proven to be done, before anything else at nearly all security-conscious organizations.

The US military and other government and private organizations, including the National Security Agency (NSA), the Department of Homeland Security (DHS), and the U.S. Government Accountability Office (GAO), defined these 20 controls as their consensus on the best way to block known attacks and to help find and mitigate damage from the attacks that get through.

For security professionals, the course shows how to put the controls in place in your existing network through the effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the 20 controls are effectively implemented. The course material closely follows the Top 20 Critical Security Controls document.

About the speaker

James Tarala

CyberSecurity Consultant & IS Auditor with Enclave Security. Senior SANS Instructor & Audit Curriculum Author.

Date: Thu 9th May 2013
