

Security Awareness Training

Security Awareness Training is designed to educate users on the appropriate use, protection and security of information, individual user responsibilities and ongoing maintenance necessary to protect the confidentiality, integrity, and availability of information assets, resources, and systems from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

This document is your guide to SANS paid and free Security Awareness Training resources.
SANS Paid Security Awareness Training Resources
SECURITY 304: Software Security Awareness
This awareness course discusses design and implementation of software applications to reduce the risk from hackers and attacks. The concept is to engineer software so that it continues to function correctly under malicious attack. This course introduces defensive coding and tips to avoid creating problems or vulnerabilities. We also examine the most common flaws of software design and implementation, and you will learn about specific practices to avoid those flaws.
SECURITY 309: Intro to Information Security
SANS is the MIT of Information Security and this introduction certification track is the fastest possible way to get up to speed on the terminology and concepts of information security. Understand the threats and risks to information resources and identify generally accepted best practices. Master risk management, security management, access controls, attacks and countermeasures, secrecy and privacy, along with auditing concepts. We then move to the basics of computers and networking as we discuss the Internet Protocol, routing, Domain Name Service, and network devices along with a plethora of security considerations. After covering the basics of cryptography, we look at policy as a tool to effect change in your organization.
SECURITY 351: Computer and Network Security Awareness
The Computer and Network Security Awareness course is offered for the individual just beginning to explore computer security. This course is designed to teach participants with little to no security experience important concepts and technology that every Internet user should know. In this class, you will learn about many different threats, antivirus programs, firewalls, anti-spyware, identity theft, phishing, how to create strong passwords and more. This course will raise your awareness and give you the basic skills you need to protect yourself from various threats on the Internet, whether you are at home, on the road or at work.
SECURITY 401: SANS Security Essentials
Maximize your training time and turbo-charge your career in computer security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security and the importance of network security awareness training. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.
SANS Free Security Awareness Training Resources

Glossary of Computer Security Terms — http://www.sans.org/resources/glossary.php

Essential Security Actions — http://www.sans.org/score/essential.php

The Ten Most Important Security Trends of the Coming Year — http://www.sans.org/resources/10_security_trends.pdf

The SANS Security Policy Project — http://www.sans.org/resources/policies/

SANS invites you to visit the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four important security requirements.

Here are some papers on Security Awareness Training you may want to read:
Developing a Security-Awareness Culture — Improving Security Decision Making — http://www.sans.org/reading_room/whitepapers/awareness/1526.php
This paper examines important facets of individual and group decision-making and provides prescriptive guidance on how we may improve the quality of our decision-making processes, leading to better security decisions.
A Guide to Security Metrics — http://www.sans.org/reading_room/whitepapers/auditing/55.php
This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.
Visual Baselines - Maximizing Economies of Scale Using Round Robin Databases — http://www.sans.org/reading_room/whitepapers/honors/1696.php
How are you going to know if something doesn't quite look "right" when you don't know what "right" is supposed to look like? This paper is designed to give the security professional a solid understanding of some of the tools available to help create visual baselines, including RRDtool and Cacti. It discusses the advantages of using Round Robin Databases to collect and display network statistics, and how to use this information to create a clear picture of what is actually happening on your network.
Stopping the Targeted Attack: Why Comprehensive Malware Protection is Superior to Anti-virus Signatures for Protecting Your Organization — http://www.sans.org/reading_room/whitepaper/threats/51.php
This paper discusses the evolving nature of malware, and why enterprises continue to be highly vulnerable to targeted malware attacks despite deployment of common security solutions like anti-virus software and traditional firewalls. Accordingly, the paper then describes new solutions designed to be much more proactive and effective in protecting an organization's inbound and outbound traffic.
To learn more about the latest threats to Computer Security, please visit:

Internet Storm Center — http://isc.sans.org

