This report examines, analyzes, and summarizes the nature of SANS Institute. The purpose of this report is to provide information security interest groups such as InfoSec readers, audiences, and users of information security with the information necessary for understanding what the SANS Institutes is about. In addition, this report will examine the history of SANS, its usage, benefits, and contribution to the public, institutions and to the government, including the type of courses and the certificates SANS offers.
Finally, we will examine the ongoing initiative on future development of information security and define how SANS Institute stays on top of the rapidly changing technology and the constant threat to information security in organizations.
History
The SANS Institute (SysAdmin Audit Networking and Security) was founded in 1989 and provides computer security training and professional certifications. These certifications are offered through GIAC Security Certification Program (Global Information Assurance Certification) which is ANSI certified (American National Standard Institute). ANSI enhances the U.S level of programs and helps to keep a global competitive edge.
In 1990s SANS started offering more formal events and vendor-oriented marketing. In 1995, its parent company, The Escal Institute of Advanced Technologies, started to veer the company to more commercial purposes. This was done by hosting and/or participating in events that focused on system vulnerabilities, exploits, and patches.
In 2008 the SANS Institute was born, offering degrees based on SANS training. Courses are delivered through virtual classrooms and online training.
Degrees and Courses
The SANS College is a part of SA...
... middle of paper ...
... the candidate to be up-to-date with the defensive practices in information security.
Many organizations ask that individuals have some form of certification before taking on new projects or contracts, the GIAC has access to the most current information and provides assurance based on this factor.
References
"Computer Security Training, Network Research & Resources." SANS: Computer Security Training, Network Security Research, InfoSec Resources. Web. 17 Mar. 2011. .
"SANS 2011 - Event-At-A-Glance." SANS: Computer Security Training, Network Security Research, InfoSec Resources. Web. 17 Mar. 2011. .
"SANS: Why Certify: Information Security Certification GIAC." SANS: Computer Security Training, Network Security Research, InfoSec Resources. Web. 17 Mar. 2011. .
This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement we are to discuss is Federal Information Security Management Act (FISMA) which is a United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST), the responsibility of defining standards and security procedures to be followed and must be complied. There are nine processes NIST outlines to be in compliance with FISMA:
and their use. In Committee on Deterring Cyber attacks: Informing Strategies and Developing Options (Ed.), Proceedings of a Workshop on Deterring Cyber attacks: Informing Strategies and Developing Options for U.S. Policy. Washington, D.C.: National Academies Press.
In the past few years, cyber-attacks have grown dramatically and it is up to Information security analysts to come up with solutions to prevent hackers from stealing vital information making issues for computer networks. Information security analyst’s main priority is to protect a company’s computer system from getting attacked by hackers. It takes a couple of things to become an ISA, but it’s a well worth and well-paying job.
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Roberts, Richard M. "Network Secrurity." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
Diffie, Whitfield. (2008). Information Security: 50 Years Behind, 50 Years Ahead. Communications of the ACM. 51(1), 55-57.
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
System have to be constantly updated to prevent new types of attacks. Also, different layers of security have to be employed so as to increase the fortification of the network system against possible breach. In a case where a system has been breached, awareness should become the next priority as this can still help prevent the loss of data depending how soon detection can occur. In all security measures, human error has always been identified as a great risk. To minimize this, security training is encouraged not just for security personals but for everyone who uses a
ISO 27002: The purpose of ISO 27002 is to provide necessary guidance to organizations that are interested in developing an information security program. It uses best practices to improve dependability on information security when dealing with inter-organizational relationships. (COBIT Mapping of ISO, 2006, pg. 18).
There are numerous network security devices and tools available to aid in computer network defense, and these tools are often relied upon for protecting against increasingly sophisticated, stealthy, and damaging attacks. When acting alone, the current generation of security devices has an exceedingly difficult time providing an effective defense against such threats, and the situation is particularly grim for targeted or novel attacks.
Hettinger, Mike, and Scott Bousum. "Cybersecurity." TechAmerica Cybersecurity Comments. N.p., n.d. Web. 11 Mar. 2014. .
Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.
Thomas, Teka. "Cyber defense: Who 's in charge?" National Defense July 2015: 21+. War and Terrorism Collection. Web. 28 Oct.
(5) United States, Congress. Senate. Committee on Governmental Affairs. Security in Cyber Space. Washington: U.S. G.P.O., Hundred Fourth Congress, Second Session, May 22, 1996.