42 - IT-S Information Technology - Security and Audit


IT-S 500 - Technical Control Automation using STIG and Compliance with CS Policy and Standard (800-53)

Please contact us for fees

 

Course Description

Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This publication introduces the information security principles that organizations may leverage to understand the information security needs of their respective systems. 

This training covers the NIST Cybersecurity Framework and its respective IT controls.

Course Objectives

  • Create and share a company cybersecurity policy
  • Control who logs on to your network and uses your computers and other devices
  • Use security software to protect data
  • Encrypt sensitive data, at rest and in transit
  • Conduct regular backups of data

Who Should Attend?

  • IT professionals 
  • Network Administrators 
  • Security Analysts

Course Details/Schedule

Day 1

  • Introduction to NIST Cybersecurity Controls
  • Elements of Information Security
  • Roles and Responsibilities
  • Threats and Vulnerabilities: A Brief Overview

Day 2

  • Information Security Policy
  • Information Security Risk Management
  • Assurance
  • Authorization
  • Security Engineering
  • Operational Assurance
  • Interdependencies
  • Cost Considerations

Day 3

  • Security Considerations in System Support and Operations
  • User Support
  • Software Support
  • Configuration Management
  • Backups
  • Media Controls
  • Documentation
  • Maintenance
  • Interdependencies
  • Cost Considerations
  • Cryptography
  • Uses 
  • Implementation Issues
 

Day 4

  • Control Families
  • Access Control (AC)
  • Awareness and Training (AT)
  • Audit and Accountability (AU)
  • Assessment, Authorization, and Monitoring (CA)
  • Configuration Management (CM)
  • Contingency Planning (CP)
  • Identification and Authentication (IA)
  • Individual Participation (IP)
  • Incident Response (IR)
  • Maintenance (MA)
  • Asset registration & risk assessment
  • Asset compliance with CS policy and 800-53 with reporting
  • Automation of device hardening (through STIG files) and auditing with reporting

Day 5

  • STIG
  • Applications
  • Cloud networks
  • Mobile devices
  • Operating systems
  • Browsers
  • Routers and servers
  • Networks
  • Network devices