Information Technology - IT Security
Information Technology Security, also known as IT Security, is the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform its permitted critical functions.
This document is your guide to SANS paid and free IT Security resources.
SANS Paid IT Security Resources
- SECURITY 401: SANS Security Essentials
- Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.
- SECURITY 504: Hacker Techniques, Exploits and Incident Handling
- By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents, a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them, and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.
- SECURITY 508: System Forensics, Investigation & Response
- Unpatched, unprotected computers connected to the Internet are being compromised in 3 days or less. The Blaster Worm proves systems behind a firewall can become the victim of a successful attack. Security professionals must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues. Learn forensic techniques and tools in a lab-style, hands-on setting for both Windows and Linux investigations. This course emphasizes a "try-it-by-hand" approach so that any student attending will take with them a solid grasp of how open source and commercial forensic tools complete their tasks, without having to merely have faith in the tool. This is accomplished by teaching the fundamental concepts of computer forensics in a tool-independent manner.
SANS Free IT Security Resources
Glossary of IT Security Terms — http://www.sans.org/resources/glossary.php
Essential Security Actions — http://www.sans.org/score/essential.php
The Ten Most Important Security Trends of the Coming Year — http://www.sans.org/resources/10_security_trends.pdf
The SANS Security Policy Project — http://www.sans.org/resources/policies/
SANS invites you to visit the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already, including policy templates for twenty-four important security requirements.
Here are some papers on IT Security you may want to read:
- Forensic Analysis of a Compromised Intranet Server — http://www.sans.org/reading_room/whitepapers/forensics/1652.php
- This document details the forensic analysis process of a compromised Intranet server, from the verification stage to the dissection of malware code, supported by an explanation of the followed methodology.
- Becoming a Forensic Investigator — http://www.sans.org/reading_room/whitepapers/forensics/1453.php
- One of the forensic analyst's primary functions is the dissemination of the forensic process to the intended audience. To do their jobs successfully, they must write forensic reports that are both technically accurate and easy to read. This paper offers a methodology to ensure a repeatable standard and hopefully make the job of forensic technical writing easier.
- Identity Theft: Imitation Is Not The Sincerest Form Of Flattery — http://www.sans.org/reading_room/whitepapers/privacy/1635.php
- The purpose of this paper is to completely define the threat of identity theft. The paper will outline the following: how identity theft occurs, tips to avoid becoming a victim, and ways to recognize if you've been victimized; the role of technology in aiding and combating identity theft; how identity thieves use your personal information; and steps to take if you become a victim.
- Hacking: The Basics — http://www.sans.org/reading_room/whitepapers/hackers/955.php
- This paper contains information on the tools and skills a hacker uses to infiltrate computer systems and networks. If you are interested in learning more about how hackers work, and also how to protect your own computers and networks, you should consider taking the SANS SEC 504 Hacker Techniques, Exploits and Incident Handling course.
- The Role of the Security Analyst in the Systems Development Life Cycle — http://www.sans.org/reading_room/whitepapers/awareness/1601.php
- This document discusses security considerations during each phase of a generic development life cycle: Planning, Analysis, Design, Implementation, and Support, addressing a broad group of security topics.
To learn more about the latest threats to IT Security, please visit:
Internet Storm Center — http://isc.sans.org
Intense training! An excellent combination of technical and theory instruction.
-Richard Brull