TRAINING CATEGORIES
(Click Category to List Courses)

42 - IT-S Information Technology - Security and Audit


IT-S 413 - Technical Control Automation using STIG and Compliance with CS Policy and Standard (800-53)

Code Start Date Duration Venue
IT-S 413 16 December 2024 5 Days Istanbul Registration Form Link
IT-S 413 27 January 2025 5 Days Istanbul Registration Form Link
IT-S 413 24 March 2025 5 Days Istanbul Registration Form Link
IT-S 413 19 May 2025 5 Days Istanbul Registration Form Link
IT-S 413 14 July 2025 5 Days Istanbul Registration Form Link
IT-S 413 08 September 2025 5 Days Istanbul Registration Form Link
IT-S 413 03 November 2025 5 Days Istanbul Registration Form Link
IT-S 413 29 December 2025 5 Days Istanbul Registration Form Link
Please contact us for fees

 

Course Description

Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This publication introduces the information security principles that organizations may leverage to understand the information security needs of their respective systems. 

This training covers the NIST Cyber Security Framework and respective IT controls

Course Objectives

  • Create and share a company cybersecurity policy
  • Control who logs on to your network and uses your computers and other devices
  • Use security software to protect data
  • Encrypt sensitive data, at rest and in transit
  • Conduct regular backups of data

Who Should Attend?

  • IT professionals 
  • Network Administrators 
  • Secuiry Analysts 

Course Details/Schedule

Day 1

  • Asset Registration and Risk Assessment
  • NIST Cyber Security Framework
  • NIST RMF (Risk Management Framework)
  • Information Security Risk Management
  • NIST Risk management processes 
  • Asset registration & risk assessment
  • Threats and Vulnerabilities
  • Security Control Selection and Implementation 
  • Compliance and Security Auditing

Day 2

  • CS Policy, Standard and Compliance
  • Cyber Security and information Security Policy
  • NIST 800-53 Control Families and Enhancements
  • Access Control (AC)
  • Awareness and Training (AT)
  • Audit and Accountability (AU)
  • Assessment, Authorization, and Monitoring (CA)
  • Configuration Management (CM)
  • Contingency Planning (CP)
  • Identification and Authentication (IA)
  • Individual Participation (IP)
  • Incident Response (IR)
  • Maintenance (MA)
  • Comparison of ISO27001 with NIST 800-53 controls
  • Asset compliance with CS policy and 800-53 with reporting

Day 3

  • Security Control Automation
  • NIST 800-53 Security Controls Implementation, Assessment, Auditing and Automation 
  • Automating Security Vulnerability Management
  • Automating Security Compliance
  • Automating Security Risk Management
  • Automating Security Threat Intelligence
  • Best Practices for NIST 800-53 Security Controls
  • Security Automation Tools

Day 4

  • STIG Part-I
  • Understanding of Security technical implementation guide (STIG)
  • STIG control profiles selection
  • STIG Severity assignment on controls 
  • Role of security attributes (CIA) controls 
  • STIG profile control addition and removal
  • Control mapping to org policy and implementation on technology 
  • Understanding of following 
  • Control Correlation Identifier (CCI).
  • Policy and Technical
  • Compliance measuring parameter
  • Common Configuration Enumeration (CCE)
  • Common weakness enumeration (CWE)
  • Extensible Configuration Checklist Description Format (XCCDF)
  • Open Checklist Interactive Language (OCIL)
  • Open Vulnerability Assessment Language (OVAL) 

Day 5

  • STIG Part-II
  • Role of Control Correlation identifier (CCI) for implementation of Cyber Security policy 
  • Control implementation and automation
  • Compliance assessment, automation and scoring
  • Correlation between Controls and vulnerability
  • Correlation between vulnerabilities and compliance
  • Correlation between risk management framework (RMF) and STIG
  • Open Source tools for automation/implementation of 800-53
  • Open Source tools for automation/implementation of  STIGs
  • SITG demonstration on Open source tool(Open SCAP and ANISABLE)
  • Automation of device hardening (through STIG files) and auditing with reporting

 

ETABS and SAFE. Training 24 CCE 210 5 SAP 2000. Training 25 CCE 305 5 Quality Assurance in Pavement Construction 26 CCE 401 5 Construction Project Management 27 CCE 402 10 Construction Project Management (10 Days) 28 CCE 403 5 Construction Project Management-Intensive 29 CCE 405 5 Principles of Construction Project Management 30 CCE 406 10 Principles of Construction Project Management (10 Days) 31 CCE 410 10 Construction Project and Risk Management (10 days) 32 CCE 411 5 Project & Contract Management for Marine Construction 33 CCE 412 5 Application of GIS in Construction Management 34 CCE 415 4 Sustainable Water Management Techniques, Innovation and Solution (4 Days) 35 CCE 419 5 Construction Management of Hydraulic Projects 36 CCE 420 5 Water Project Management 37 CCE 421 10 Modern Technologies in the Supervision and Quality Control of Irrigation Projects and Dealing with Contractors (10 Days) 38 CCE 422 5 Rapid Earthquake Hazard Evaluation of Buildings 39 CCE 425 10 Practical Application of Computers in Structural Engineering (10 Days) 40 CCE 428 5 Survey & Profile Using Total Station 41 CCE 430 5 Bridge Construction and Maintenance 42 CCE 435 5 Bridge Inspection and Maintenance 43 CCE-A 410 10 إدارة المشاريع الهندسية -10 أيام
21 - TTC - Transportation and Traffic Control
22 - ADV - Architectural Design and Visualization
23 - SRM - Safety and Occupational Health
24 - CSM - Public Relations, Communication Skills & Office Management
25 - TEM - Training and Education Management
26 - CMR - Customer Relations