Course Code: 2396

IS 20 Controls - Information Systems 20 Controls

Class Dates:
3 Days
Class Time:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
  • This 3-day Information Systems 20 Controls certification course covers the most important security controls and their methodologies as outlined by the US Department of Defense and other major players in the cyber security sector that understand how attacks work and what needs to be done to prevent them. Students are trained to improve security in networks by implementing the top 20 security controls. When it comes to security controls, prevention is ideal but detection is a must, and the top 20 controls do both. Our instructors have real-world experience and will show you the value of what you are learning in proprietary case studies. As a result of this course and exam, attentive students are prepared to be leaders of future security projects, because they will have a plan for exactly what needs to be done in securing a network.
    24 CPE Credits
  • Audience
  • Professional Roles: Security Consultant/Analyst
    Penetration Tester
    Security Forensics Expert
    Network Security Engineer


  • Prerequisites: C)ISSO: Information Systems Security Officer
    Or equivalent security/networking experience
    Related Certification:
    C)PTE: Penetration Testing Engineer

Course Details

  • Upon Completion
  • Have knowledge of the top 20 critical security controls.
  • Have knowledge to implement the top 20 security controls.
  • Be ready to sit for the Mile 2 IS20 Certification Exam
  • Be ready to sit for SANS Institute Security 440 Certification Examination
  • Course Content
  • Inventory of Authorized & Unauthorized Devices
  • Inventory of Authorized & Unauthorized Software
  • Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
  • Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  • Boundary Defense
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Application Software Security
  • Controlled Use of Administrative Privileges
  • Controlled Access Based on Need to Know
  • Continuous Vulnerability Assessment and Remediation
  • Account Monitoring and Control
  • Malware Defenses
  • Limitation & Control of Network Ports, Protocols & Services
  • Wireless Device Control
  • Data Loss Prevention
  • Secure Network Engineering
  • Penetration Tests & Red Team Exercises
  • Data Recovery Capability
  • Security Skills Assessment
  • Training Options
  • Instructor-led: Traditional classroom setting
  • Live-virtual Training: Connect remotely to the class being taught live.