42 - IT-S Information Technology - Security and Audit
IT-S 413 - Technical Control Automation using STIG and Compliance with CS Policy and Standard (800-53)
Code | Start Date | Duration | Venue |
---|---|---|---|
IT-S 413 | 16 December 2024 | 5 Days | Istanbul |
IT-S 413 | 27 January 2025 | 5 Days | Istanbul |
IT-S 413 | 24 March 2025 | 5 Days | Istanbul |
IT-S 413 | 19 May 2025 | 5 Days | Istanbul |
IT-S 413 | 14 July 2025 | 5 Days | Istanbul |
IT-S 413 | 08 September 2025 | 5 Days | Istanbul |
IT-S 413 | 03 November 2025 | 5 Days | Istanbul |
IT-S 413 | 29 December 2025 | 5 Days | Istanbul |
Course Description
Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This publication introduces the information security principles that organizations may leverage to understand the information security needs of their respective systems.
This training covers the NIST Cyber Security Framework and its respective IT controls.
Course Objectives
- Create and share a company cybersecurity policy
- Control who logs on to your network and uses your computers and other devices
- Use security software to protect data
- Encrypt sensitive data, at rest and in transit
- Conduct regular backups of data
Who Should Attend?
- IT professionals
- Network Administrators
- Security Analysts
Course Details/Schedule
Day 1
- Asset Registration and Risk Assessment
- NIST Cyber Security Framework
- NIST RMF (Risk Management Framework)
- Information Security Risk Management
- NIST Risk management processes
- Asset registration & risk assessment
- Threats and Vulnerabilities
- Security Control Selection and Implementation
- Compliance and Security Auditing
Day 2
- CS Policy, Standard and Compliance
- Cyber Security and Information Security Policy
- NIST 800-53 Control Families and Enhancements
- Access Control (AC)
- Awareness and Training (AT)
- Audit and Accountability (AU)
- Assessment, Authorization, and Monitoring (CA)
- Configuration Management (CM)
- Contingency Planning (CP)
- Identification and Authentication (IA)
- Individual Participation (IP)
- Incident Response (IR)
- Maintenance (MA)
- Comparison of ISO27001 with NIST 800-53 controls
- Asset compliance with CS policy and 800-53 with reporting
Day 3
- Security Control Automation
- NIST 800-53 Security Controls Implementation, Assessment, Auditing and Automation
- Automating Security Vulnerability Management
- Automating Security Compliance
- Automating Security Risk Management
- Automating Security Threat Intelligence
- Best Practices for NIST 800-53 Security Controls
- Security Automation Tools
Day 4
- STIG Part-I
- Understanding of Security Technical Implementation Guide (STIG)
- STIG control profiles selection
- STIG Severity assignment on controls
- Role of security attributes (CIA) controls
- STIG profile control addition and removal
- Control mapping to org policy and implementation on technology
- Understanding of the following
- Control Correlation Identifier (CCI)
- Policy and Technical
- Compliance measuring parameter
- Common Configuration Enumeration (CCE)
- Common Weakness Enumeration (CWE)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Checklist Interactive Language (OCIL)
- Open Vulnerability Assessment Language (OVAL)
Day 5
- STIG Part-II
- Role of Control Correlation Identifier (CCI) for implementation of Cyber Security policy
- Control implementation and automation
- Compliance assessment, automation and scoring
- Correlation between Controls and vulnerability
- Correlation between vulnerabilities and compliance
- Correlation between Risk Management Framework (RMF) and STIG
- Open Source tools for automation/implementation of 800-53
- Open Source tools for automation/implementation of STIGs
- STIG demonstration on open source tools (OpenSCAP and Ansible)
- Automation of device hardening (through STIG files) and auditing with reporting