Managing Security Vulnerabilities - Enterprise & Cloud Security Training

What You Will Learn

Stop Treating Symptoms. Cure The Disease.

Whether your vulnerability management program is well established or you are just getting started, this course will help you think differently about vulnerability management. You will learn how to move past the hype to successfully prioritize the vulnerabilities that are not blocked, then clearly and effectively communicate the risk associated with the rest of the vulnerabilities in your backlog that, for a variety of reasons, cannot currently be remediated. You'll also learn what mature organizations are doing to ease the burden associated with vulnerability management across both infrastructure and applications as well as across both their cloud and non-cloud environments. MGT516 is based on the Prepare, Identify, Analyze, Communicate, and Treat (PIACT) Model.

MGT516 helps you think strategically about vulnerability management in order to mature your organization's program, but it also provides tactical guidance to help you overcome common challenges. By understanding and discussing solutions to typical issues that many organizations face across both traditional and cloud operating environments, you will be better prepared to meet the challenges of today and tomorrow. Knowing that many organizations are adopting cloud services in addition to continuing to manage their more traditional operating environments, we'll also look at different cloud service types throughout the course and how they impact the program both positively and negatively. We will highlight some of the tools and processes that can be leveraged in each of these environments and present new and emerging trends.

"This course is essential for both well-established and developing vulnerability management teams." - Robert Adams, CBC

"A great course to utilize if new to cloud vulnerability management." - Amaan Mughal

BUSINESS TAKEAWAYS:

This course will help your organization:

Understand what is working and what is not working in modern day vulnerability programs
Anticipate and plan for the impacts related to cloud operating environments
Realize why context matters and how to gather, store, maintain, and utilize contextual data effectively
Effectively and efficiently communicate vulnerability data and its associate risk to key stakeholders
Determine how to group vulnerabilities meaningfully to identify current obstacles or deficiencies
Know which metrics will drive greater adoption and change within the organization

SKILLS LEARNED:

Capability to create, implement, or mature your vulnerability management program and get buy-in from your stakeholders
Techniques for building and maintaining an accurate and useful inventory of IT assets in the enterprise and the cloud
What identification processes and technologies are effective across both infrastructure and applications and how to configure them appropriately
Which common false positives or false negatives to be aware of in your identification arsenal
How to prioritize unblocked vulnerabilities for treatment based on a variety of techniques
Effectively report and communicate vulnerability data within your organization
Ability to identify and report on the risk associated with vulnerabilities that are blocked and cannot currently be prioritized for remediation
A better understanding of modern treatment capabilities and how to better engage with treatment teams
Talent for making vulnerability management more fun and engaging for all those involved
Differentiating how to deal with application layer vulnerabilities versus infrastructure vulnerabilities
An understanding of how our strategies and techniques might change as we move to the cloud, implement private cloud, or roll out DevOps within our organizations

HANDS-ON TRAINING:

MGT516 uses the Cyber42 leadership simulation game, critical thinking labs based on outlined scenarios, hands-on labs and demonstrations to provide you with the information you need to skillfully fight the VM battle. Cyber42 helps students absorb and apply the content throughout the course. In this web-based continuous tabletop exercise, students play to improve security culture, manage budget and schedule, and improve specific vulnerability management capabilities at the fictional organization, The Everything Corporation or E Corp. This puts you in real-world scenarios that require you to think through various options for improving the organizations maturity by responding to specific events. The following is a brief description of the different game components and other labs by section:

Section 1: The Everything Corporation Company Overview, Round 1 Initiative Selection, Practice Event: Improve VM Program Image, and Events 1 & 2: Audit Action Item VM Policy & Standards & Shadow Cloud Usage; Moving to the Cloud, Asset Management Critical Attributes, Leveraging Asset Context Excel Lab and Domo Demonstration.
Section 2: Events 3 5: Asset Inventory, Gap in Coverage, Space Race, and Round 2 Initiative Selection; Scanning Techniques, Scan Validation
Section 3: Events 6 8: Healthcare Threat Intelligence Sharing, Inaccurate Report, and Third-party App Downloads; Contextual Prioritization, Adding Solution Groups and Types in Excel and ServiceNow Demonstration
Section 4: Round 3 Initiative Selection, Events 9 & 10: Misconfigured Blob Storage, E-commerce Oops; Changing Culture, Remediation Effectiveness
Section 5: Events 11 13: Legacy Systems, Code Coverage Challenge, and Space Race Part 2 The Board Meeting; Vulnerability Management Buy-In

"Excellent labs. More fun than I thought possible with vulnerability management." - Page Jeffery, Newmont

"I have really enjoyed the discussions around these labs and hearing similarities from other users. I think this format for labs is fun." - Isaac Philbrook, Premera

"Great experience with Cyber42!!" - Yann Esclanguin, Caterpillar

SYLLABUS SUMMARY:

Section 1: Course overview, cloud overview and design considerations, and asset management
Section 2: Identification challenges, processes, and technology across both infrastructure and applications
Section 3: Analysis and communication techniques for effectively influencing action
Section 4: Common treatment or remediation processes and technologies
Section 5: Getting buy-in, advancing your program, and tracking maturity

ADDITIONAL FREE RESOURCES:

WHAT YOU WILL RECEIVE:

Student manuals containing the entire course content and lab introductions and debriefs
Access to lab materials and bonus content and videos on the class website
Access to the Cyber42 security leadership simulation web app
MP3 audio files of the complete course lecture

WHAT COMES NEXT:

NOTE: SANS offers two courses with a focus on vulnerability management. MGT516 helps you think strategically about vulnerability management in order to mature your organization's program, but it also provides tactical guidance to help you overcome common challenges. SEC460: Enterprise and Cloud | Threat Vulnerability Assessment helps you build your technical vulnerability assessment skills and techniques using time-tested, practical approaches to ensure true value across the enterprise. Review the full comparison here.

SANS Video

Syllabus (30 CPEs)

Download PDF

Overview
This section looks at why vulnerability management is important and introduces the course. We then provide an overview of the cloud and how different cloud service types and architectures can impact managing vulnerabilities. Finally, well dig into why asset management is so important and foundational for effective vulnerability management, and the different ways that gaining additional context can help us succeed.
Exercises
Moving to the Cloud
- Scenario-based lab about the impact of moving to the cloud on an organizations vulnerability management program
Critical Attributes
- Scenario-based lab on how to identify critical contextual attributes that need to exist within our asset management database or be tracked in some other way to prioritize and manage vulnerabilities more effectively
Leveraging Asset Context
- Hands-on lab leveraging a spreadsheet that contains both vulnerability and asset data sets to answer questions about the vulnerability of data and the quality of the asset data
- Demonstration of a similar analysis being performed in Domo, a SaaS Business Intelligence platform
Cyber42 Game
- Game introduction and practice event
- Initiative selection for Round 1
- Two Round 1 events
Topics
Course Overview
Cloud and Cloud Vulnerability Management
Asset Management
- Overview
- Importance of context
- Attributes and inline context
- Cloud asset management
Overview
Identifying vulnerabilities continues to be a major focus for our security programs, as it can provide insight into the current risks to our organization. It also provides the data for our analysis and for the measures and metrics we use to guide the program and track our maturity. This section looks at common identification pitfalls and discuss identification architecture and design across both infrastructure and applications. Well also look at where we might require permission to perform identification and how we safely grant permission to third parties to test our systems and applications and responsibly disclose any findings.
Exercises
Scanning
- Scenario-based lab to better understand and identify the types of scanning that are most effective for different asset types
Scan Validation
- Scenario-based lab to better understand and identify the reasons why certain vulnerabilities are showing up in infrastructure scans even though they seem invalid or out of place
Cyber42 Game
- Two Round 1 events
- Initiative selection for Round 2
- One Round 2 event
Topics
Identification
- Challenges
- Tools, architecture, and design
- Cloud identification
- Permission
- Validating scan results
- Scanner configuration
- Application vulnerabilities
- Proactive Identification
- Bug bounty programs
Overview
Gone are the days when we can just scan for vulnerabilities and send the raw output to our teams for remediation. We need to help reduce the burden by analyzing the output to reduce inaccuracies and identify root-cause issues that may be preventing remediation. Once we have identified the issues that cannot be resolved, we should prioritize the rest to ensure that we are having the greatest impact and provide targeted reports or dashboards to system and platform owners. This section will look at some common inaccuracies in the output of our identification processes, discuss prioritization, and then look at what metrics are commonly used to measure our program and the related operational capabilities. We will also discuss how to generate meaningful reports, communication strategies, and the different types of meetings that should be held to increase collaboration and participation.
Exercises
Contextual Prioritization
- Critical thinking lab around how we leverage different contextual attributes to help us prioritize our vulnerability data sets
Solution Groups and Types
- Demo of two different methods (spreadsheet and ServiceNow) to apply solution groups or remediation actions to vulnerability data sets and leverage the groupings for analysis and reporting.
Cyber42 Game
- Three Round 2 events
Topics
Analyze
- Simple Threat Contextual Information
- Asset-based Contextual Information
- Advanced Threat Contextual Information
- Solution Groups
- Exclusion Groups & Risk
Communicate
- Metrics
- Reporting
- Communication Strategy
- Vulnerability Management Meetings
Overview
Treating vulnerabilities and reducing risk is the ultimate goal of all we do in vulnerability management. It is important for all participants to understand the typical processes and technologies that exist and how to leverage them to increase positive change within the organization. Most organizations will have some form of change, patch, and configuration management programs. This course section will look at how we interface with these processes to streamline change and increase consistency. Well also examine some unique challenges we face in the cloud, how to better deal with application vulnerabilities, and some alternatives we can look to when traditional treatment methods are not available.
Exercises
Changing Culture
- Discussion and thought-based lab about what organizational cultures are most or least conducive to vulnerability management and how to go about changing or influencing culture
Remediation Effectiveness
- Scenario-based lab to better understand and identify how to gauge the effectiveness of the treatment options selected for various vulnerabilities after implementation and over time
Cyber42 Game
- Initiative selection for Round 3
- Two Round 3 events
Topics
Treatment
- Change management
- Patch management
- Configuration management
- Cloud management
- Application management
- Alternative treatment
- Other treatment considerations
Overview
Vulnerability management is not the easiest job in an organization, and many challenges can hold us back. From split responsibility and accountability to reliance on shared personnel, much of the work done in this space goes unrecognized. This section will summarize much of what we have learned and discussed throughout the week and look at how we can use this information to improve the program. Well discuss how we can make VM more fun and successful within the organization, identify and collaborate more effectively with various stakeholders, and build out and mature a robust vulnerability management program.
Exercises
Vulnerability Management Buy-In
- Scenario-based lab to better identify important stakeholders and get or improve buy-in for the program
Cyber42 Game
- Three Round 3 events
- Final scoring and wrap-up
Topics
Buy-In
- Making VM fun
- Common Problems
- Stakeholder Identification
- Collaboration
Creating a Vulnerability Management Program
Selecting the Right Tools
Maturity
- Advancing the program
- The SANS VM Maturity Model and 2021 Survey Benchmarks

Prerequisites

A basic understanding of vulnerability, patch, and configuration management concepts is recommended for this course.

Laptop Requirements

You must bring a computing device (laptop or tablet) with the latest version of Microsoft Excel. This will be used for multiple exercises throughout the course.

The Cyber42 game used in this course is hosted on Amazon Web Services (AWS). Students must have a computer that does not restrict access to AWS services. Corporate machines may have a VPN, intercepting proxy, or egress firewall filter which can cause connection issues communicating with AWS. Students must be able to configure or disable these services to be able to access the Cyber42 game.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

""It is easy to be overwhelmed by the amount of vulnerability management information available to us. Vulnerabilities are present in just about every device and software we use, with new reports released daily. Managing this dynamic landscape is a challenge for organizations. Our goal is to provide students with a framework for managing the vast quantities of vulnerabilities, and building or improving their vulnerability management program. This will enable students to identify the key problems within their environment, evaluate potential solutions for those problems, and communicate within their teams and to the organization on the effectiveness of vulnerability management."

- Jonathan Risto

"I appreciated Jonathan sharing his personal examples today as he covered the material. Great real world challenges and made the content more relatable. Thank you!" - Bridget Aman

"I have spent over a decade helping organizations improve their infrastructure and application vulnerability management capabilities and programs. It surprises me how many organizations are struggling with similar issues. I'm also concerned when I hear from organizations about how they are going to successfully implement vulnerability management in the cloud, even while they are still struggling to manage vulnerabilities in their more traditional operating environments. With this course, we want to provide students with a better understanding of what they can do to improve their current program and extend that program into the cloud. We want them to understand the common roadblocks they will face and provide solutions to these challenges. There is no one-size-fits-all solution to vulnerability management, but there are definitely common themes in mature organizations. The course is also a great opportunity to learn from what peers are doing in their organizations to solve some of the same problems you may be facing. '

- David Hazar

"David has vast experiences with numerous different types of organizations in vulnerability management. During the class, this was vital in bringing in and discussing real-world challenges." - Vikas Bangia, Bessemer Trust

Ways to Learn

OnDemand

Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.

Live Online

Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

In Person (5 days)

Training events and topical summits feature presentations and courses in classrooms around the world.

Who Should Attend MGT516?

CISOs
Vulnerability program managers and analysts managing vulnerabilities in the enterprise or cloud
Information security managers, architects, analysts, officers, and directors
Aspiring information security leaders
Risk management, business continuity and disaster recovery professionals
IT operations managers and administrators
Cloud service managers, administrators, integrators, developers, and brokers
Cloud service security and risk managers
Government IT professionals who manage vulnerabilities in the enterprise or cloud (FedRAMP, NIST CSF)

NICE Framework Work Roles:

Program Manager OV-PMA-001
Information Systems Security Manager OV-MGT-001
Security Architect SP-ARC-001
Enterprise Architect SP-ARC-002
Cyber Workforce Developer and Manager OV-SPP-001
Cyber Policy & Strategy Planner OV-SPP-002
IT Project Manager OV-PMA-001
IT Program Auditor OV-PMA-005
Executive Cyber Leadership OV-EXL-001
Information Systems Security Developer SP-SYS-001
Systems Developer SP-SYS-002
System Administrator OM-ADM-001
Database Administrator OM-DTA-001
Research & Development Specialist SP-TRD-001
Security Control Assessor: SP-RSK-002
Security Awareness & Communications Manager: OV-TEA-003

"Great class full of new info for beginners and experienced VM folks. Thank you!" - Jen OMalley, SAP

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Reviews

Its great information that is very applicable for today's corporate world fighting for achieving a hardened security posture.

David Wayne

Caterpillar

This course is essential for both well-established and developing vulnerability management teams.

Robert Adams

CBC

An understanding of vulnerability management and cloud security is becoming not only valuable but a necessity to keep ones organization secure in this constantly changing and dynamic environment.

Kae David

The course was excellent throughout the 5 day period. David was very professional in his delivery and the content explained what encompasses a vulnerability management program excellently.

Walleed Aljony

Ernst & Young

Real world scenario labs are really great. Thank you!

Abe De Los Reyes

Citrix

Display times in

Africa/Abidjan

Africa/Accra

Africa/Addis Ababa

Africa/Algiers

Africa/Asmara

Africa/Asmera

Africa/Bamako

Africa/Bangui

Africa/Banjul

Africa/Bissau

Africa/Blantyre

Africa/Brazzaville

Africa/Bujumbura

Africa/Cairo

Africa/Casablanca

Africa/Ceuta

Africa/Conakry

Africa/Dakar

Africa/Dar es Salaam

Africa/Djibouti

Africa/Douala

Africa/El Aaiun

Africa/Freetown

Africa/Gaborone

Africa/Harare

Africa/Johannesburg

Africa/Juba

Africa/Kampala

Africa/Khartoum

Africa/Kigali

Africa/Kinshasa

Africa/Lagos

Africa/Libreville

Africa/Lome

Africa/Luanda

Africa/Lubumbashi

Africa/Lusaka

Africa/Malabo

Africa/Maputo

Africa/Maseru

Africa/Mbabane

Africa/Mogadishu

Africa/Monrovia

Africa/Nairobi

Africa/Ndjamena

Africa/Niamey

Africa/Nouakchott

Africa/Ouagadougou

Africa/Porto-Novo

Africa/Sao Tome

Africa/Timbuktu

Africa/Tripoli

Africa/Tunis

Africa/Windhoek

America/Adak

America/Anchorage

America/Anguilla

America/Antigua

America/Araguaina

America/Argentina/Buenos Aires

America/Argentina/Catamarca

America/Argentina/ComodRivadavia

America/Argentina/Cordoba

America/Argentina/Jujuy

America/Argentina/La Rioja

America/Argentina/Mendoza

America/Argentina/Rio Gallegos

America/Argentina/Salta

America/Argentina/San Juan

America/Argentina/San Luis

America/Argentina/Tucuman

America/Argentina/Ushuaia

America/Aruba

America/Asuncion

America/Atikokan

America/Atka

America/Bahia

America/Bahia Banderas

America/Barbados

America/Belem

America/Belize

America/Blanc-Sablon

America/Boa Vista

America/Bogota

America/Boise

America/Buenos Aires

America/Cambridge Bay

America/Campo Grande

America/Cancun

America/Caracas

America/Catamarca

America/Cayenne

America/Cayman

America/Chicago

America/Chihuahua

America/Coral Harbour

America/Cordoba

America/Costa Rica

America/Creston

America/Cuiaba

America/Curacao

America/Danmarkshavn

America/Dawson

America/Dawson Creek

America/Denver

America/Detroit

America/Dominica

America/Edmonton

America/Eirunepe

America/El Salvador

America/Ensenada

America/Fort Nelson

America/Fort Wayne

America/Fortaleza

America/Glace Bay

America/Godthab

America/Goose Bay

America/Grand Turk

America/Grenada

America/Guadeloupe

America/Guatemala

America/Guayaquil

America/Guyana

America/Halifax

America/Havana

America/Hermosillo

America/Indiana/Indianapolis

America/Indiana/Knox

America/Indiana/Marengo

America/Indiana/Petersburg

America/Indiana/Tell City

America/Indiana/Vevay

America/Indiana/Vincennes

America/Indiana/Winamac

America/Indianapolis

America/Inuvik

America/Iqaluit

America/Jamaica

America/Jujuy

America/Juneau

America/Kentucky/Louisville

America/Kentucky/Monticello

America/Knox IN

America/Kralendijk

America/La Paz

America/Lima

America/Los Angeles

America/Louisville

America/Lower Princes

America/Maceio

America/Managua

America/Manaus

America/Marigot

America/Martinique

America/Matamoros

America/Mazatlan

America/Mendoza

America/Menominee

America/Merida

America/Metlakatla

America/Mexico City

America/Miquelon

America/Moncton

America/Monterrey

America/Montevideo

America/Montreal

America/Montserrat

America/Nassau

America/New York

America/Nipigon

America/Nome

America/Noronha

America/North Dakota/Beulah

America/North Dakota/Center

America/North Dakota/New Salem

America/Nuuk

America/Ojinaga

America/Panama

America/Pangnirtung

America/Paramaribo

America/Phoenix

America/Port-au-Prince

America/Port of Spain

America/Porto Acre

America/Porto Velho

America/Puerto Rico

America/Punta Arenas

America/Rainy River

America/Rankin Inlet

America/Recife

America/Regina

America/Resolute

America/Rio Branco

America/Rosario

America/Santa Isabel

America/Santarem

America/Santiago

America/Santo Domingo

America/Sao Paulo

America/Scoresbysund

America/Shiprock

America/Sitka

America/St Barthelemy

America/St Johns

America/St Kitts

America/St Lucia

America/St Thomas

America/St Vincent

America/Swift Current

America/Tegucigalpa

America/Thule

America/Thunder Bay

America/Tijuana

America/Toronto

America/Tortola

America/Vancouver

America/Virgin

America/Whitehorse

America/Winnipeg

America/Yakutat

America/Yellowknife

Antarctica/Casey

Antarctica/Davis

Antarctica/DumontDUrville

Antarctica/Macquarie

Antarctica/Mawson

Antarctica/McMurdo

Antarctica/Palmer

Antarctica/Rothera

Antarctica/South Pole

Antarctica/Syowa

Antarctica/Troll

Antarctica/Vostok

Arctic/Longyearbyen

Asia/Aden

Asia/Almaty

Asia/Amman

Asia/Anadyr

Asia/Aqtau

Asia/Aqtobe

Asia/Ashgabat

Asia/Ashkhabad

Asia/Atyrau

Asia/Baghdad

Asia/Bahrain

Asia/Baku

Asia/Bangkok

Asia/Barnaul

Asia/Beirut

Asia/Bishkek

Asia/Brunei

Asia/Calcutta

Asia/Chita

Asia/Choibalsan

Asia/Chongqing

Asia/Chungking

Asia/Colombo

Asia/Dacca

Asia/Damascus

Asia/Dhaka

Asia/Dili

Asia/Dubai

Asia/Dushanbe

Asia/Famagusta

Asia/Gaza

Asia/Harbin

Asia/Hebron

Asia/Ho Chi Minh

Asia/Hong Kong

Asia/Hovd

Asia/Irkutsk

Asia/Istanbul

Asia/Jakarta

Asia/Jayapura

Asia/Jerusalem

Asia/Kabul

Asia/Kamchatka

Asia/Karachi

Asia/Kashgar

Asia/Kathmandu

Asia/Katmandu

Asia/Khandyga

Asia/Kolkata

Asia/Krasnoyarsk

Asia/Kuala Lumpur

Asia/Kuching

Asia/Kuwait

Asia/Macao

Asia/Macau

Asia/Magadan

Asia/Makassar

Asia/Manila

Asia/Muscat

Asia/Nicosia

Asia/Novokuznetsk

Asia/Novosibirsk

Asia/Omsk

Asia/Oral

Asia/Phnom Penh

Asia/Pontianak

Asia/Pyongyang

Asia/Qatar

Asia/Qostanay

Asia/Qyzylorda

Asia/Rangoon

Asia/Riyadh

Asia/Saigon

Asia/Sakhalin

Asia/Samarkand

Asia/Seoul

Asia/Shanghai

Asia/Singapore

Asia/Srednekolymsk

Asia/Taipei

Asia/Tashkent

Asia/Tbilisi

Asia/Tehran

Asia/Tel Aviv

Asia/Thimbu

Asia/Thimphu

Asia/Tokyo

Asia/Tomsk

Asia/Ujung Pandang

Asia/Ulaanbaatar

Asia/Ulan Bator

Asia/Urumqi

Asia/Ust-Nera

Asia/Vientiane

Asia/Vladivostok

Asia/Yakutsk

Asia/Yangon

Asia/Yekaterinburg

Asia/Yerevan

Atlantic/Azores

Atlantic/Bermuda

Atlantic/Canary

Atlantic/Cape Verde

Atlantic/Faeroe

Atlantic/Faroe

Atlantic/Jan Mayen

Atlantic/Madeira

Atlantic/Reykjavik

Atlantic/South Georgia

Atlantic/St Helena

Atlantic/Stanley

Australia/ACT

Australia/Adelaide

Australia/Brisbane

Australia/Broken Hill

Australia/Canberra

Australia/Currie

Australia/Darwin

Australia/Eucla

Australia/Hobart

Australia/LHI

Australia/Lindeman

Australia/Lord Howe

Australia/Melbourne

Australia/NSW

Australia/North

Australia/Perth

Australia/Queensland

Australia/South

Australia/Sydney

Australia/Tasmania

Australia/Victoria

Australia/West

Australia/Yancowinna

Brazil/Acre

Brazil/DeNoronha

Brazil/East

Brazil/West

CET

CST6CDT

Canada/Atlantic

Canada/Central

Canada/Eastern

Canada/Mountain

Canada/Newfoundland

Canada/Pacific

Canada/Saskatchewan

Canada/Yukon

Chile/Continental

Chile/EasterIsland

Cuba

EET

EST

EST5EDT

Egypt

Eire

Etc/GMT

Etc/GMT+0

Etc/GMT+1

Etc/GMT+10

Etc/GMT+11

Etc/GMT+12

Etc/GMT+2

Etc/GMT+3

Etc/GMT+4

Etc/GMT+5

Etc/GMT+6

Etc/GMT+7

Etc/GMT+8

Etc/GMT+9

Etc/GMT-0

Etc/GMT-1

Etc/GMT-10

Etc/GMT-11

Etc/GMT-12

Etc/GMT-13

Etc/GMT-14

Etc/GMT-2

Etc/GMT-3

Etc/GMT-4

Etc/GMT-5

Etc/GMT-6

Etc/GMT-7

Etc/GMT-8

Etc/GMT-9

Etc/GMT0

Etc/Greenwich

Etc/UCT

Etc/UTC

Etc/Universal

Etc/Zulu

Europe/Amsterdam

Europe/Andorra

Europe/Astrakhan

Europe/Athens

Europe/Belfast

Europe/Belgrade

Europe/Berlin

Europe/Bratislava

Europe/Brussels

Europe/Bucharest

Europe/Budapest

Europe/Busingen

Europe/Chisinau

Europe/Copenhagen

Europe/Dublin

Europe/Gibraltar

Europe/Guernsey

Europe/Helsinki

Europe/Isle of Man

Europe/Istanbul

Europe/Jersey

Europe/Kaliningrad

Europe/Kiev

Europe/Kirov

Europe/Lisbon

Europe/Ljubljana

Europe/London

Europe/Luxembourg

Europe/Madrid

Europe/Malta

Europe/Mariehamn

Europe/Minsk

Europe/Monaco

Europe/Moscow

Europe/Nicosia

Europe/Oslo

Europe/Paris

Europe/Podgorica

Europe/Prague

Europe/Riga

Europe/Rome

Europe/Samara

Europe/San Marino

Europe/Sarajevo

Europe/Saratov

Europe/Simferopol

Europe/Skopje

Europe/Sofia

Europe/Stockholm

Europe/Tallinn

Europe/Tirane

Europe/Tiraspol

Europe/Ulyanovsk

Europe/Uzhgorod

Europe/Vaduz

Europe/Vatican

Europe/Vienna

Europe/Vilnius

Europe/Volgograd

Europe/Warsaw

Europe/Zagreb

Europe/Zaporozhye

Europe/Zurich

GB-Eire

GMT

GMT+0

GMT-0

GMT0

Greenwich

HST

Hongkong

Iceland

Indian/Antananarivo

Indian/Chagos

Indian/Christmas

Indian/Cocos

Indian/Comoro

Indian/Kerguelen

Indian/Mahe

Indian/Maldives

Indian/Mauritius

Indian/Mayotte

Indian/Reunion

Iran

Israel

Jamaica

Japan

Kwajalein

Libya

MET

MST

MST7MDT

Mexico/BajaNorte

Mexico/BajaSur

Mexico/General

NZ-CHAT

Navajo

PRC

PST8PDT

Pacific/Apia

Pacific/Auckland

Pacific/Bougainville

Pacific/Chatham

Pacific/Chuuk

Pacific/Easter

Pacific/Efate

Pacific/Enderbury

Pacific/Fakaofo

Pacific/Fiji

Pacific/Funafuti

Pacific/Galapagos

Pacific/Gambier

Pacific/Guadalcanal

Pacific/Guam

Pacific/Honolulu

Pacific/Johnston

Pacific/Kiritimati

Pacific/Kosrae

Pacific/Kwajalein

Pacific/Majuro

Pacific/Marquesas

Pacific/Midway

Pacific/Nauru

Pacific/Niue

Pacific/Norfolk

Pacific/Noumea

Pacific/Pago Pago

Pacific/Palau

Pacific/Pitcairn

Pacific/Pohnpei

Pacific/Ponape

Pacific/Port Moresby

Pacific/Rarotonga

Pacific/Saipan

Pacific/Samoa

Pacific/Tahiti

Pacific/Tarawa

Pacific/Tongatapu

Pacific/Truk

Pacific/Wake

Pacific/Wallis

Pacific/Yap

Poland

Portugal

ROC

ROK

Singapore

Turkey

UCT

US/Alaska

US/Aleutian

US/Arizona

US/Central

US/East-Indiana

US/Eastern

US/Hawaii

US/Indiana-Starke

US/Michigan

US/Mountain

US/Pacific

US/Samoa

UTC

Universal

W-SU

WET

Zulu

Filters:

Register for MGT516

In Person

Training events and topical summits feature presentations and courses in classrooms around the world.

Learn more

Live Online

Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

Learn more

OnDemand

Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.

Learn more

Train and Certify

Manage Your Team

Security Awareness

Resources

Get Involved

About

MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

Course Authors:

Jonathan Risto

David Hazar

What You Will Learn

Syllabus (30 CPEs)

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Prerequisites

Laptop Requirements

Author Statement

Ways to Learn

Who Should Attend MGT516?

Need to justify a training request to your manager?

Reviews

Filters:

Register for MGT516

Loading...