• Think, Analyze, Maintain
    Effective Solutions
  • Succeed with us!
    The World can be yours
  • Let us coperate!
    Advance your business!

MILE2 - IS20 Controls

Mile2’s IS 20 Controls course covers proven controls and methodologies that are used to execute and analyze the Top Twenty Most Critical Security Controls. This course allows the security professional to see how to implement controls in their existing network(s) though highly effective and economical automation. For management, this training is the best way to distinguish how you will assess whether these security controls are effectively being administered.

Course Value:

Nearly all organizations containing sensitive information are adopting and implementing the most critical security controls as the highest priority list. These controls were chosen by leading government and private organizations who are experts on how attacks work and what can be done to mitigate and prevent them from happening. These leading security experts chose the best of breed controls needed to block known incidents as well as alleviate any damage from successful attacks. Ultimately, the implementation of these Top 20 Controls will ensure best efforts to drastically decrease the overall cost of security while improving both the efficiency and effectiveness of it.


Experts began to compile the so-called Top 20 Security Controls list (Consensus Audit Guidelines) in 2008 after a series of U.S. defense industry companies suffered a series of severe loss of data, due to various cyber-attacks. With these attacks on the rise, it compelled many federal cyber-attack and defense experts to collaborate their understanding and knowledge of these malicious attack techniques, which were being used against both government and corporate industries alike. This collaboration resulted in the known top 20 lists of known security controls needed to ensure the integrity of organizational assets.

The CAG project was led by John Gilligan, who served as chief information officer for both the US Air Force and the US Department of Energy. In a statement Gilligan said that: it was obvious that organizations should implement these controls; also stating that "if you know that attacks are being carried out, you have a responsibility to prioritize your security investments to stop those attacks."

US Dept of Defense lists top 20 security controls


Upon completion, students will be able to confidently undertake the official Mile2 IS20 Controls exam as well as have a thorough understanding of the *SANS Security 440 certification examination. Students will enjoy an in-depth course that is continuously updated to maintain and incorporate the ever-changing security environment. This course offers up-to-date proprietary case studies that have been researched and developed by leading security professionals from around the world.


]I. Course Introduction

]II. Critical Control 1: Inventory of Authorized and Unauthorized Devices

]III. Critical Control 2: Inventory of Authorized and Unauthorized Software

]IV. Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

]V. Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

]VI. Critical Control 5: Boundary Defense

]VII. Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

]VIII. Critical Control 7: Application Software Security

]IX. Critical Control 8: Controlled Use of Administrative Privileges

]X. Critical Control 9: Controlled Access Based on Need to Know

]XI. Critical Control 10: Continuous Vulnerability Assessment and Remediation

]XII. Critical Control 11: Account Monitoring and Control

]XIII. Critical Control 12: Malware Defenses

]XIV. Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services

]XV. Critical Control 14: Wireless Device Control

]XVI. Critical Control 15: Data Loss Prevention

]XVII. Critical Control 16: Secure Network Engineering

]XVIII. Critical Control 17: Penetration Tests and Red Team Exercises

]XIX. Critical Control 18: Incident Response Capability

]XX. Critical Control 19: Data Recovery Capability

]XXI. Critical Control 20: Security Skills Assessment and Appropriate Training to Fill Gaps

*SANS and SANS 440 are trademarks of SANS Institute.

@ Register Now