IS2C - Information Systems 20 Controls


Duration: 3 Days




Course Information

Course Description

The Information Systems 20 Controls certification course covers the most important security controls and their methodologies as outlined by the US Department of Defense and other major players in the cyber security sector that understand how attacks work and what needs to be done to prevent them.

Students are trained to improve security in networks by implementing the top 20 security controls. When it comes to security controls, prevention is ideal but detection is a must—the Information Systems 20 Controls course does both.

Our industry-respected instructors have real-world experience and will lead the discussions and demonstrations via proprietary case studies. Upon successful completion of the IS20 course and exam, students will be prepared to serve as leaders for future security projects.

Course Objectives

Upon completion, students will:

Have knowledge of the top 20 critical security controls.

Have knowledge to implement the top 20 security controls.

Be ready to sit for the Mile 2 IS20 Certification Exam.

Be ready to sit for the SANS Institute Security 440 Certification Examination.

Related / Follow-on Courses:

C)PTE: Penetration Testing Engineer

Course Content

The three (3) day IS20Controls certification course will cover the 20 most critical security controls that need to be implemented within every network.

Course Audience

Security Consultant/Analyst

Penetration Tester

Security Forensics Expert

Network Security Engineer

Course Outline

1: Inventory of Authorized and Unauthorized Devices

2: Inventory of Authorized and Unauthorized Software

3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

5: Boundary Defense

6: Maintenance, Monitoring, and Analysis of Audit Logs

7: Application Software Security

8: Controlled Use of Administrative Privileges

9: Controlled Access Based on Need to Know

10: Continuous Vulnerability Assessment and Remediation

11: Account Monitoring and Control

12: Malware Defenses

13: Limitation and Control of Network Ports, Protocols, and Services

14: Wireless Device Control

15: Data Loss Prevention

16: Secure Network Engineering

17: Penetration Tests and Red Team Exercises

18: Incident Response Capability

19: Data Recovery Capability

20: Security Skills Assessment

Course Prerequisites

C)ISSO: Information Systems Security Officer

Or equivalent security/networking experience

Course Schedule
This course is not scheduled yet.