“Security auditors should update risk-driven methodologies” urges SANS Institute expert

The SANS Spring London 2016 event is set to welcome a growing community of security auditors looking to refresh their skills on the recently updated AUD507: Auditing and Monitoring Networks, Perimeters and Systems training course, one of eight security training tracks run by the organisation in London during February and March.

According to course author and industry expert David Hoelzer: “One of the key struggles that IT auditors face today is assisting senior management to understand the relationship between technical controls and risks to the business that these affect. This training track is organised specifically to provide a risk-driven methodology for tackling the enormous task of designing an enterprise security validation program.”

Hoelzer, a SANS Fellow instructor and author of more than 20 sections of SANS coursework, is an expert in a variety of information security fields, and was recently called upon to serve as an expert witness for the Federal Trade Commission around groundbreaking GLBA Privacy Rule litigation.

Across a 25-year career, Hoelzer has also scripted (and contributed to) more than 15 peer-reviewed books, publications and journal articles on all manner of security topics (including extensive works on audit).

Specification or selection of controls

“In today’s information security world, most enterprises are either already moving towards, or seriously considering moving towards compliance with any number of a variety of security standards that represent Best Practice,” continued Hoelzer.

“One of the key topics covered in this material is an effective, risk-based method for the specification or selection of controls. This skill set allows security professionals to analyse an existing set of controls, a business process, an audit exception or a security incident and identify any missing or ineffective controls. More importantly, perhaps, learners will be able to easily identify what corrective actions can eliminate the problem in the future.”

As a SANS instructor, Hoelzer has trained many security professionals over the years, including Fortune 500 security engineers and managers. He stated: “Auditors, administrators and security managers alike will walk away with a ‘To Do’ list far longer than the one with which they arrive. The overriding aim is to align security operations and auditing with business operations in a way that delivers the biggest return on investment for the host business.”

SANS London Spring 2016 runs from 29 February-5 March. All classes are being run within the Grand Connaught Rooms in the heart of London’s West End.

SANS London 2016: the courses

Many courses at SANS London Spring 2016 boast an associated GIAC examination. SANS is also offering an ‘On Demand’ version of courses at a discounted rate to assist with exam preparation.

The full list of courses includes:

*SEC560: Network Penetration Testing and Ethical Hacking (Erik Van Buggenhout)

*SEC401: Security Essentials ‘Bootcamp-Style’ (Dr Eric Cole)

*SEC504: Hacker Tools, Techniques, Exploits and Incident Handling

*SEC542: Web App Penetration Testing and Ethical Hacking (Pieter Danhieux)

*SEC760: Advanced Exploit Development for Penetration Testers (Jake Williams)

*FOR508: Advanced Digital Forensics and Incident Response (Jess Garcia)

*FOR526: Memory Forensics In-Depth (Alissa Torres)

*AUD507: Auditing and Monitoring Networks, Perimeters and Systems (David Hoelzer)

The event also offers evening socialising and networking opportunities involving SANS instructors and fellow industry peers. Further detail is available at: https://www.SANS.org/event/london-in-the-spring-2016/

About The SANS Institute

The SANS Institute was established back in 1989 as a co-operative research and education organisation. SANS is “the most trusted and, by far, the largest” provider of cyber security training and certification to professionals and commercial institutions worldwide.

Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events, as well as online.

An affiliate of The SANS Institute, GIAC validates employee qualifications via 27 hands-on, technical certifications in information security. For its part, The SANS Technology Institute (a regionally-accredited independent subsidiary) offers Master’s degrees in cyber security.

Further information on The SANS Institute and its work designed to help the entire information security community is available at: www.SANS.org

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
