Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
Wikipedia says,
"Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms."
Paid SANS Information Security Resources
SEC401: Security Essentials Bootcamp Style
Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty. View Full Course Description
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. View Full Course Description
SEC542: Web App Penetration Testing and Ethical Hacking
Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers. In this intermediate to advanced level class, you'll learn the art of exploiting Web applications so you can find flaws in your enterprise's Web apps before the bad guys do. View Full Course Description
MGT512: Security Leadership Essentials for Managers
MANAGEMENT 512 was also selected as an approved 8570 training and certification. This completely updated course is designed to empower advancing managers who want to get up to speed fast on information security issues and terminology. You don't just learn about security, you learn how to manage security. Lecture sections are intense; the most common student comment is that it's like drinking from a fire hose. The diligent manager will learn vital, up-to-date knowledge and skills required to supervise the security component of any information technology project. Additionally, the course has been engineered to incorporate the NIST Special Papers 800 guidance so that it can be particularly useful to US Government managers and supporting contractors. View Full Course Description
FOR500: Windows Forensic Analysis
Computer Forensic Essentials focuses on the essentials that a forensic investigator must know to investigate core computer crime incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation. View Full Course Description
LEG523: Law of Data Security and Investigations
This is the most advanced program in network intrusion detection where you will learn practical hands-on intrusion detection methods and traffic analysis from top practitioners/authors in the field. All of the course material is either new or just updated to reflect the latest attack patterns. This series is jam-packed with network traces and analysis tips. The emphasis of this course is on increasing students' understanding of the workings of TCP/IP, methods of network traffic analysis, and one specific network intrusion detection system - Snort. This course is not a comparison or demonstration of multiple NIDS. Instead, the knowledge/information provided here allows students to better understand the qualities that go into a sound NIDS and the "whys" behind them, and thus, to be better equipped to make a wise selection for their site's particular needs. View Full Course Description
Free SANS Information Security Resources
Recommended Information Security Papers from the SANS Reading Room
- A Guide to Security Metrics by Shirley Payne - June 26, 2006 in Auditing & Assessment
  This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.
- Hacking: The Basics by Zachary Wilson - April 4, 2001 in Hackers
  The basics of IT security for less security conscious IT professionals and end-users on exactly who is out there and what they are doing to get in.
- An Introduction to Information System Risk Management by Steve Elky - June 6, 2006 in Auditing & Assessment
  Key elements of information security risk, offering insight into risk assessment methodologies.
- Risk Analysis for HIPAA Compliancy by Chris Ralph - March 9, 2005 in HIPAA
  This document describes the policy and procedure established by a small hospital, GIAC Health, for meeting the Risk Analysis Administrative Safeguard requirement for HIPAA compliancy.
Additional Resources
- SANS Reading Room
- Computer Security Resources
- IT Security Resources
- Network Security Resources
- Latest Threats: Internet Storm Center
- The Definition of Information Security on Wikipedia
- Department of Defense Directive (DoD) 8570
- Is DoD 8570 Really Working?
- Computer Security Management Training Is Now NIST SP800 Compliant