NEW Managing Security Vulnerabilities: Enterprise and Cloud Course in Boston. Save $300 thru 2/26

Healthcare Cyber Security Summit

San Francisco, CA | Wed, Dec 3 - Wed, Dec 10, 2014
This event is over,
but there are more training opportunities.

SEC301: Intro to Information Security

Fri, December 5 - Tue, December 9, 2014

It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts.

Shruti Iyer, DCS Corporation

Great course - very informative and current.

Vickie Allen, University of Oklahoma

This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

We begin by covering basic terminology and concepts, and then move to the basics of computers and networking as we discuss Internet Protocol, routing, Domain Name Service, and network devices. We cover the basics of cryptography, security management, and wireless technology, then we look at policy as a tool to effect change in your organization. In the final day of the course, we put it all together with an implementation of defense in-depth.

If you're a newcomer to the field of information security, this is the course for you! You will develop the skills to bridge the gap that often exists between managers and system administrators, and learn to communicate effectively with personnel in all departments and at all levels within your organization.


This course has been revised to incorporate practical hands on exercises and a short practice certification test on the last day. This course will require a laptop for all classes after December 1, 2013.

Course Syllabus

Keith Palmgren
Fri Dec 5th, 2014
9:00 AM - 5:00 PM


Information security is based upon foundational concepts such as asset value, the CIA triad (confidentiality, integrity, and availability), principle of least privilege, access control, and separation. Day one provides a solid understanding of the terms, concepts, and tradeoffs that will enable you to work effectively within the information security landscape. If you have been in security for a while, these chapters will be a refresher, providing new perspectives on some familiar issues.


Install and configure Secunia Personal Software Inspector to update non-Microsoft applications to the latest revision level. Install, configure, and use Password Safe to store their passwords in an encrypted 'vault'. Attendees will then have a secure way to create and store unique passwords for every account they use. Install, configure and use SyncBack software to back up data from their laptop to an external drive. SyncBack precludes the need to manually track which files have been backed up.

CPE/CMU Credits: 6

Keith Palmgren
Sat Dec 6th, 2014
9:00 AM - 5:00 PM


To appreciate the risks associated with being connected to the Internet one must have a basic understanding of how networks function. Day two covers the basics of networking (including a review of some sample network designs), including encapsulation, hardware and network addresses, name resolution, and address translation. We explore some of the various types of malware and associated delivery mechanism. We conclude with a review of some typical attacks against the networking and computing infrastructure as well as discussing human-based attacks.


Attendees will use tools available with the Microsoft operating system to determine several parameters associated with the network interface in their computer as well as tracing routes to several sites on the Internet. At the completion, attendees will have an understanding of basic routing concepts.

After installing Malwarebytes Anti-Malware, attendees will scan the laptop drive (and the external drive) and remove from them spyware and adware that might not be detected by typical anti-viral software.

CPE/CMU Credits: 6

Keith Palmgren
Sun Dec 7th, 2014
9:00 AM - 5:00 PM


Cryptography can be used to solve a number of security problems. Cryptography and Security in the Enterprise provides an in-depth introduction to a complex tool, (cryptography) using easy to understand examples and avoiding complicated mathematics. Attendees will gain meaningful insights into the benefits of cryptography (along with the pitfalls of a poor implementation of good tools). The day continues with an overview of Operational Security (OPSEC) as well as Safety and Physical Security. We conclude the day with a whirlwind overview of wireless networking technology benefits and risks, including a roadmap for reducing risks in a wireless environment.


Attendees will use Trucrypt software to create an encrypted partition on the laptop hard drive and use it to store sensitive information.

CPE/CMU Credits: 6

Keith Palmgren
Mon Dec 8th, 2014
9:00 AM - 5:00 PM


Day four will empower those with the responsibility for creating, assessing, approving, or implementing security policy with the tools and techniques to develop effective, enforceable, policy. Information Security Policy demonstrates how to bring policy alive by using tools and techniques such as the formidable OODA (Orient, Observe, Decide, Act) model. We also explore risk assessment and management guidelines and sample policies, as well as examples of policy and perimeter assessments.


Attendees will install, configure, and use KillDisk to overwrite the free space on an external disk and learn how to verify that the information has been overwritten. They will then overwrite the entire external disk and verify that it contains no usable data. This will provide the attendees with a tool that can be used to overwrite a hard disk prior to disposing of it, significantly reducing the risk of disclosing sensitive data when they dispose of a personal computer.

CPE/CMU Credits: 6

Keith Palmgren
Tue Dec 9th, 2014
9:00 AM - 5:00 PM


The goal of day five is to enable managers, administrators, and those in the middle to strike a balance between "security" and "getting the job done." We'll explore how risk management deals with more than just security. We discuss the six phases of incident handling as well as some techniques that organizations can use to develop meaningful metrics.


Attendees will take an abbreviated version of the certification exam to gain insight into the nature of the exam and the mechanics of the testing process. At the end of the test, attendees will have a better understanding of their collective grasp of the course material.

CPE/CMU Credits: 6

Additional Information

Here's what recent attendees had to say about this course:

"This class is great for IT professionals looking for their first step towards security awareness. I have been in IT for 17 years and I learned a lot on this first day of class." - Paul Beninati, EMC

"Good basic information for someone just coming into the field." - Bryce Richert, SUH

"It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts." - Shruti Iyer, DCS Corporation

Security 301: SANS Intro to Information Security course consists of instruction and hands-on sessions. The lab sessions are designed to enable students to implement the concepts and practices in an instructor-led environment. Students will have the opportunity to install, configure, and use the programs that illustrate core skills in cyber security.

To conduct the exercises associated with the course, students will need to bring a laptop configured as described in the SEC301 Laptop and Drive Configuration Guide. To ensure success in conducting the exercises, it is critical that the laptop be properly configured before you come to class. Students are also required to test their systems (as described below) prior to coming to class.

NOTE: Do not bring a regular production laptop for this class! When installing software, there is always a chance of breaking something else on the system. Students should assume that all data could be lost.

NOTE: It is critical that students be able to login to the Administrator level account (SEC301-adm) for the operating system and be able to install programs that are provided on the CD that comes with the course materials.

NOTE: End point security solutions (i.e., application white listing) can prevent programs from being installed correctly on the system. Students need to be able to temporarily disable end point security solutions or make exceptions to allow programs to run.

NOTE: An optical reader (CD, DVD) is required to install the programs that will be provided in class.

NOTE: External storage media (e.g., USB thumb drive, portable hard disk drive, or memory card/chip) is required to store files created during the exercises. Note that the media will be completely overwritten during the last exercise. The recommended media size is 2 GB; larger sizes will require longer to completely erase the information by overwriting it. Do NOT bring media that contains information that cannot be overwritten.

Students must bring a laptop with a current version of a supported Windows operating system (e.g., Windows Vista or later; Windows 7 is recommended). The exercises have been successfully tested in a Windows 7 environment. but students can also bring a Windows 8 environment.

The SEC301 Laptop and Drive Configuration Guide provides step-by-step instructions on how to configure the laptop and associated external media.

In summary, before you arrive at the training event you should:

  • Confirm that a current Windows operating system (e.g., Windows 7) is installed and working
  • Login to the SEC301-adm account and verify that it has Administrative level privilege
  • Confirm that the computer can connect to a WiFi network that configures the network parameters (e.g., IP address, DNS addresses, and default gateway)
  • Confirm that you have properly configured the external storage media (1-2 GB capacity) as described in the SEC301 Laptop and Drive Configuration Guide
  • Confirm that you can successfully copy files from optical media to the computer using the optical drive that you will take to the class

It is critical that you work through the documents before class so that you arrive with a properly configured laptop and external media.

By properly preparing, we know that you will have a knowledge rich and enjoyable lab experience.

If you have any questions, feel free to contact us.

Fred Kerby

Track Lead/Course Author

If you have additional questions about the laptop specifications, please contact

  • Persons new to information technology who need to understand the basics of information assurance, computer networking, cryptography, and risk evaluation
  • Managers and Information Security Officers who need a basic understanding of risk management and the tradeoffs between confidentiality, integrity,and availability
  • Managers, administrators, and auditors who need to draft, update, implement, or enforce policy

Which Course Is Right For You?

This is the track SANS offers for the professional just starting out in security. If you have experience in the field, please consider our more advanced offerings such as Security Essentials, SEC 401.

  • Securely store passwords to multiple accounts using a free tool that implements an encrypted database
  • Backup and synchronize files to an external drive using a tool that detects differences between the source and destination files
  • Manage and update patches for third party applications in a Microsoft OS environment
  • Protect sensitive data by creating an encrypted partition on a laptop hard drive
  • Protect sensitive data from disclosure by securely erasing the data on an external drive
  • Discuss and understand risk as a product of vulnerability, threat, and impact to an organization
  • Apply basic principles of information assurance (e.g., least privilege, separation of risk, defense in depth, etc.)
  • Understand how networks work (link layer communications, addressing, basic routing, masquerading)
  • Identify the predominant forms of malware and the various delivery mechanisms that can place organizations at risk
  • Identify the capabilities and limitations of cryptography
  • Evaluate policy and recommend improvements
  • Identify and implement meaningful security metrics
  • Identify and understand the basic attack vectors used by intruders

Courses that are good follow-ups

  • SEC401
  • MGT512

Author Statement

A good friend of mine once said, "A little security is better than no security." If your organization is in either situation (little or no security) and you want to make a difference in a positive way, this course is a great place to start. If your organization has already made an investment in security, this is a great opportunity to compare notes with others and identify how to maximize the return on your investment. In 1995, I agreed to fill the position of "number one spear catcher" (the head security guy) for our organization. I asked about training and my predecessor told me that the agency would provide training, but suggested that I work for six months to get some "real-world experience to compare against the theory." It was a long and frustrating six months and the training was less than helpful. A few years later when SANS offered to let me help write and teach this course, I literally jumped at the opportunity. Every time I teach it, I'm excited and I enjoy it as much as the attendees. It's been very gratifying.

- Fred Kerby