This training path covers everything you need to know about IS20 Security Controls. Participants will learn about inventory of authorized and unauthorized devices, inventory of authorized and unauthorized software, secure configurations for hardware and software on laptops, workstations and servers, secure configurations for hardware network devices such as firewalls, routers and switches, boundary defense, maintenance, and monitoring and analysis of audit logs. They will also learn about application software security, the controlled use of administrative privileges, controlled access based on "need to know", continuous vulnerability assessment and remediation, account monitoring and control, malware defenses, limitation and control of network ports, and protocols and services. Also included is instruction on wireless device control, data loss prevention, secure network engineering, penetration tests and red team exercises, incident response capability, data recovery capability, security skills assessment, and appropriate training to fill gaps.
Career Path: Professional roles include, but at not limited to Security Consultant/Analyst, Penetration Tester, Security Forensics Experts, and Network Security Engineer.