Information-related risks, threats and compliance
by Mirko Zorz - Editor in Chief - Wednesday, 26 September 2012.
Security should have a single chart that everyone agrees to that identifies the critical assets (based on business process), threats (based on likelihood), vulnerabilities (based on impact) and overall risk. If everyone in the organization is focused and aligned to the same items, this will allow common metrics to be defined across the organizations.

Everyone can than focus on their respective areas -security can define the metrics, IT can implement the metrics, auditors can measure the metrics and executives can understand the metrics. The way to cut corners and to do more with less is through automation. Now computers can automatically do the repetitive continuous monitoring which would allow the limited staff to focus on analysis.

What does your SANS training course look like? What skills can attendees expect to acquire?

SANS SEC401 takes the student on a journey, showing how all of the areas of cyber security fit together. The following are some of the skills that attendees can acquire:

1) Understand the principles for designing a security network architecture.

2) Decode and analyze packets going across a network.

3) Integrate security throughout an organization that includes effective policies, access control and incident response.

4) Understand how the offense operates to build better defensive measures.

5) Map defensive solutions against risk to deploy the right security solutions for an organization.

6) Deploy cryptographic solutions that provide confidentiality, integrity, authentication and non-repudiation.

7) Build, analyze and security Windows and Unix operating systems that can defend against the APT.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th