The 20 Critical Security Controls by CIS or the Center For Information Security are a recognized set of best practices that you can use in your organization.

The CIS 20 were designed to be followed by organizations of all sizes - from small business to large enterprise.

In this crash course, we look through each control in the framework and what they require.

Our full course inside the academy will additionally walk your through tools and processes.

Chapters

0:00 Introduction
1:16 Implementation Groups
6:34 Control 1 - Hardware Inventory
10:25 Control 2 - Software Inventory
14:00 Control 3 - Vulnerability Management
17:11 Control 4 - Controlled Use of Administrative Privileges
22:05 Control 5 - Hardware Configuration
24:34 Control 6 - Monitoring of Audit Logs
28:11 Control 7 - Email & Browser Protection
30:37 Control 8 - Malware Defense
32:45 Control 9 - Network Ports, Protocols, and Services
33:43 Control 10 - Data Recovery
34:54 Control 11 - Configuration of Network Devices
36:15 Control 12 - Boundary Defense
38:20 Control 13 - Data Protection
40:52 Control 14 - Need To Know Access
42:19 Control 15 - Wireless Security
44:06 Control 16 - Account Monitoring & Control
47:49 Control 17 - Security Awareness Training
50:10 Control 18 - Application Software Security
51:40 Control 19 - Incident Response & Management
53:45 Control 20 - Penetration Testing