6 days to save $500 for SANS Rocky Mountain 2013

Information Technology IT Security Resources

Information Technology Security also known as, IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform their permitted critical functions.

This document is your guide to SANS paid and free IT Security resources.

SANS Paid IT Security Resources

SECURITY 401: SANS Security Essentials

Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.

SECURITY 504: Hacker Techniques, Exploits and Incident Handling

By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents, a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them, and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

SECURITY 508: System Forensics, Investigation & Response

Unpatched, unprotected computers connected to the Internet are being compromised in 3 days or less. The Blaster Worm proves systems behind a firewall can become the victim of a successful attack. Security professionals must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues. Learn forensic techniques and tools in a lab-style, hands-on setting for both Windows and Linux investigations. This course emphasizes a "try-it-by-hand" approach so that any student attending will take with them a solid grasp of how open source and commercial forensic tools complete their tasks, without having to merely have faith in the tool. This is accomplished by teaching the fundamental concepts of computer forensics in a tool-independent manner.

SANS Free IT Security Resources

Here are some papers on IT Security you may want to read:

  • Forensic Analysis of a Compromised Intranet Server
    This document details the forensic analysis process of a compromised Intranet server, from the verification stage to the dissection of malware code, supported by an explanation of the followed methodology.
  • Becoming a Forensic Investigator
    One of the forensic analyst's primary functions is the dissemination of the forensic process to the intended audience. To do their jobs successfully, they must write forensic reports that are both technically accurate and easy to read. This paper offers a methodology to ensure a repeatable standard and hopefully make the job of forensic technical writing easier.
  • Identity Theft: Imitation Is Not The Sincerest Form Of Flattery
    The purpose of this paper is to completely define the threat of identity theft. The paper will outline the following: how identity theft occurs, tips to avoid becoming a victim, and ways to recognize if you've been victimized; the role of technology in aiding and combating identity theft, how identity thieves use your personal information and steps to take if you become a victim.
  • Hacking: The Basics
    This paper contains information on the tools and skills a hacker uses to infiltrate computer systems and networks. If you are interested in learning more about how hackers work, and also how to protect your own computers and networks you should consider taking the SANS SEC 504 Hacker Techniques, Exploits and Incident Handling course.
  • The Role of the Security Analyst in the Systems Development Life Cycle
    This document discusses security considerations during each phase of a generic development life cycle: Planning, Analysis, Design, Implementation, and Support, addressing a broad group of security topics.

Additional Resources

To learn more about the latest threats to IT Security, please visit: The Internet Storm Center

This is the best group of instructors I've ever been exposed to.
-Mark Jeanmougin, 53.com

vLive SEC542

Latest Whitepapers

Securing BYOD With Network Access Control, a Case Study
By Lawrence Orans

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Latest Tweets

SANS San Francisco 2013 offers 7 courses to boost your Cyber [...]
May 23, 2013 - 3:06 PM

Excellent blog post by @MarkBaggett on pen testing MS SQL vi [...]
May 22, 2013 - 7:39 PM

#appsec "WhatWorks in AppSec: Log Forging" http://t.co/Gsq91O7UAH
May 22, 2013 - 10:00 AM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It has really been an eye opener concerning the depth of security training & awareness that SANS has to offer."
- Michael Hall, Drivesavers

"The amount of knowledge conveyed and technical diving by practical hands-on was well balanced."
- Aaron Moore, Maricopa County

"SANS is far more in-depth than other training I have attended."
- Frank Rajnai, Sears Canada Inc