ＨｉｄｅＺｅｒｏＯｎｅ

SANS Training Program for CISSP Certification is an accelerated review course designed to prepare you to pass the exam. The course takes into account the 2015 updates to the CISSP exam and prepares students to navigate all types of questions included on the new version of the exam.

Syllabus 

MGT414: SANS Training Program for CISSP® Certification

SEC460 will help you build your technical vulnerability assessment skills and techniques using time-tested, practical approaches to ensure true value across the enterprise. Throughout the course you will use real industry-standard security tools for vulnerability assessment, management, and mitigation; learn a holistic vulnerability assessment methodology while focusing on challenges faced in a large enterprise; and practice on a full-scale enterprise range chock-full of target machines representative of an enterprise environment, leveraging production-ready tools and a proven testing methodology. SEC460 takes you beyond the checklist and gives you a tour of attackers’ perspectives that is crucial to discovering where they will strike.

Syllabus

SEC460.1: Vulnerability Management and Assessment

SEC460.2: Network and Cloud Asset Discovery and Classification

SEC460.3: Enterprise and Cloud Vulnerability Scanning

SEC460.4: Vulnerability Validation, Triage, and Mass Data Management

SEC460.5: Remediation and Reporting

SEC460.6: Vulnerability Assessment Hands-on Challenge

SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment

SEC583 is a one-day, lab-heavy course designed to teach the powerful skill of how to craft and manipulate packets through the use of many hands-on activities. This skill can be used to test policies, behaviors, and configurations and will also provide deeper understanding of TCP/IP and application protocols.

Syllabus

SEC583.1: Crafting packets

SEC583: Crafting Packets

One of today’s most rapidly evolving and widely deployed technologies is server virtualization. SEC579: Virtualization and Software-Defined Security is intended to help security, IT operations, and audit and compliance professionals build, defend, and properly assess both virtual and converged infrastructures, as well as understand software-defined networking and infrastructure security risks. Many organizations are already realizing cost savings from implementing virtualized servers, and systems administrators love the ease of deployment and management of virtualized systems. More and more organizations are deploying desktop, application, and network virtualization as well. There are even security benefits of virtualization: easier business continuity and disaster recovery, single points of control over multiple systems, role-based access, and additional auditing and logging capabilities for large infrastructure. With these benefits comes a dark side, however. Virtualization technology is the focus of many new potential threats and exploits, and it presents new vulnerabilities that must be managed. There are also a vast number of configuration options that security and system administrators need to understand, with an added layer of complexity that has to be managed by operations teams. Virtualization technologies also connect to network infrastructure and storage networks, and require careful planning with regard to access controls, user permissions, and traditional security controls. In addition, many organizations are evolving virtualized infrastructure into private clouds using converged infrastructure that employs software-defined tools and programmable stack layers to control large, complex data centers. Security architecture, policies, and processes will need to be adapted to work within a converged infrastructure, and there are many changes that security and operations teams will need to accommodate to ensure that assets are protected.

Syllabus

SEC579.1: Core Concepts of Virtualization Security

SEC579.2: Virtualization and Software-Defined Security Architecture and Design

SEC579.3: Virtualization Threats, Vulnerabilities, and Attacks

SEC579.4: Defending Virtualization and Software-Defined Technologies

SEC579.5: Virtualization Operations, Auditing, and Monitoring

SEC579: Virtualization and Software-Defined Security

SEC549 offers an in-depth breakdown of security controls, services, and architecture models for public cloud environments. We cover brokering and security-as-a-service to help better secure SaaS access, containers and PaaS architecture and security considerations, and the entire spectrum of IaaS security offerings and capabilities. Between the lecture and a number of detailed hands-on labs, security operations, engineering, and architecture professionals will learn about all key areas of security controls in the cloud, how to properly architect them, the foundations of cloud defense and vulnerability management, as well as a primer on cloud security automation. Students will walk away with the tools and skills they need to help design secure cloud architecture for their own organizations.

Syllabus

SEC549.1: Cloud Security Models and Controls
SEC549.2: Cloud Security Architecture and Operations I
SEC549.3: Cloud Security Architecture and Operations II
SEC549.4: Cloud Security Offense + Defense Operations
SEC549.5: Cloud Security Automation and Orchestration

SANS SEC549: Cloud Security Architecture and Operations