Skip Ribbon Commands
Skip to main content

IS20 - IS20 Security Controls3

Price:

Duration: 3 Days

Audience:

Level:

Technology:

Delivery Method:

Software Assurance Value:

Microsoft CPE:

Course Information

Course Description

The IS 20 Controls course covers proven general controls and methodologies that are used to execute and analyze the Top Twenty Most Critical Security Controls. This course allows the security professional to see how to implement controls in their existing network(s) though highly effective and economical automation. For management, this training is the best way to distinguish how you’ll assess whether these security controls are effectively being administered or if they are falling short to industry standards. 

Nearly all organizations containing sensitive information are adopting and implementing the most critical security controls as the highest priority list. These controls were chosen by leading government and private organizations who are experts on how compromised networks/systems evolve and how to mitigate and prevent them from happening. These leading security experts chose the best of breed controls needed to block known incidents as well as alleviate any damage from successful attacks. Ultimately, the implementation of these Top 20 Controls will ensure best efforts to drastically decrease the overall cost of security while improving both the efficiency and effectiveness of it.


Course Objectives

Upon completion, the IS20 Security Controls candidate will be able to not only competently take the IS20 Controls exam but will also have understanding how to implement the top 20 most critical controls in the work place. 

Course Audience

  • Information assurance managers/auditors
  • System implementers/administrators
  • Network security engineers
  • IT administrators
  • Auditors/auditees
  • DoD personnel/contractors
  • Federal agencies/clients
  • Security vendors and consulting groups looking to stay current with frameworks for information assurance

Course Outline

  • Course Introduction
  • Critical Control 1: Inventory of Authorized and Unauthorized Devices
  • Critical Control 2: Inventory of Authorized and Unauthorized Software
  • Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
  • Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  • Critical Control 5: Boundary Defence
  • Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

 

  • Critical Control 7: Application Software Security
  • Critical Control 8: Controlled Use of Administrative Privileges
  • Critical Control 9: Controlled Access Based on Need to Know
  • Critical Control 10: Continuous Vulnerability Assessment and Remediation
  • Critical Control 11: Account Monitoring and Control
  • Critical Control 12: Malware Defences
  • Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services
  • Critical Control 14: Wireless Device Control
  • Critical Control 15: Data Loss Prevention
  • Critical Control 16: Secure Network Engineering
  • Critical Control 17: Penetration Tests and Red Team Exercises
  • Critical Control 18: Incident Response Capability
  • Critical Control 19: Data Recovery Capability
  • Critical Control 20: Security Skills Assessment and Appropriate Training to Fill Gaps

Course Prerequisites

A basic understanding of networking and security technologies 

Course Schedule
This course is not scheduled yet.