Building a Security-First Practice with the CIS Controls

Description

This is my most comprehensive overview of the CIS Critical Security Controls, updated for Version 8, and including guidance on all three Implementation Groups (IG1, IG2, and IG3).

The goal of this Course and Practice Kit is to help you jump-start your Security-First Managed Services Practice. Making sure that security is the foundation of your business implies a commitment to transforming your services. Expect to find the following materials in this course:

• Intro & Commentary on the CIS Controls IG1, 2 and 3 (Video and written content)
• Cybersecurity Assessment materials for IG1, 2 and 3 (Assessment Workbook + Report template)
• Policy & Procedures aligned to the CIS Controls (template for IG1)
• Project work described (SOW templates)
• Future updates to the course and materials

Note that this content is meant to be mostly vendor-agnostic. In other words, do not come here for a technical “how-to” on specific Microsoft products. For that, you can buy my courses or guides on those topics.

That having been said, I will share some of my experiences implementing various CIS Controls, which sometimes involves Microsoft products. I will also point out areas where I think Microsoft does not have a good answer. But understand that the framework I am sharing here is flexible enough to allow you to plug in whatever technology and supporting behaviors you want. I will provide the scaffolding and some ideas on how you might build from there, but ultimately it will be up to you to complete this journey.