SANS Institute

Last updated
SANS Institute
AbbreviationSANS
Formation1989;35 years ago (1989)
Location
  • United States
Website

The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company [1] founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. [2] The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs [3] and certification programs. [4] Per 2021, SANS is the world’s largest cybersecurity research and training organization. [5] SANS is an acronym for SysAdmin, Audit, Network, and Security. [6]

Contents

Programs

The SANS Institute sponsors the Internet Storm Center, an internet monitoring system staffed by a community of security practitioners, and the SANS Reading Room, a research archive of information security policy and research documents. SANS is one of the founding organizations of the Center for Internet Security.

SANS offers news and analysis through Twitter feeds and e-mail newsletters. Additionally, there is a weekly news and vulnerability digest available to subscribers. [7]

Training

When originally organized in 1989, [8] SANS training events functioned like traditional technical conferences showcasing technical presentations. By the mid-1990s, SANS offered events which combined training with tradeshows. Beginning in 2006, SANS offered asynchronous online training (SANS OnDemand) and a virtual, synchronous classroom format (SANS vLive). Free webcasts and email newsletters (@Risk, Newsbites, Ouch!) have been developed in conjunction with security vendors. The actual content behind SANS training courses and training events remains "vendor-agnostic". Vendors cannot pay to offer their own official SANS course, although they can teach a SANS "hosted" event via sponsorship.

In 1999, the SANS Institute formed Global Information Assurance Certification (GIAC), an independent entity that grants certifications in information security topics. [9]

It has developed and operates NetWars, a suite of interactive learning tools for simulating scenarios such as cyberattacks. NetWars is in use by the US Air Force [10] and the US Army. [11] [12]

Faculty

The majority of SANS faculty are not SANS employees, but industry professionals and experts in the field of information security. [13] [14] The faculty is organized into six different levels: Mentors, Community, Certified Instructors, Principal Instructors, Senior Instructors, and Fellows. [15]

SANS Technology Institute

As of 2006, SANS established the SANS Technology Institute, an accredited college based on SANS training and GIAC certifications. On November 21, 2013, SANS Technology Institute was granted regional accreditation by the Middle States Commission on Higher Education. [16]

SANS Technology Institute focuses exclusively on cybersecurity, offering a Master of Science degree program in Information Security Engineering (MSISE), five post-baccalaureate certificate programs (Penetration Testing & Ethical Hacking, Incident Response, Industrial Control Systems, Cyber Defense Operations, and Cybersecurity Engineering (Core), and an upper-division undergraduate certificate program (Applied Cybersecurity). SANS later launched a bachelor's degree program in Applied Cybersecurity as well. [17]

SANS continues to offer free security content via the SANS Technology Institute Leadership Lab [18] and IT/Security related leadership information. [19]

Courses & Certifications

SANS offers more than 85 hands-on cyber security courses and certification programs. [20]

Awards Programs

SANS acknowledges the contributions made by exceptional information security professionals, through its annual awards programs. [21]

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Global Information Assurance Certification (GIAC) is an information security certification entity that specializes in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The Escal Institute of Advanced Technologies.

The United States Computer Emergency Readiness Team (US-CERT) was a team under the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.

ISACA is an international professional association focused on IT governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only. ISACA currently offers 8 certification programs, as well as other micro-certificates.

Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

<span class="mw-page-title-main">EnCase</span> Software developed by Guidance Software

EnCase is the shared technology within a suite of digital investigations products by Guidance Software. The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. EnCase is traditionally used in forensics to recover evidence from seized hard drives. It allows the investigator to conduct in-depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

Trellix is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

Security information and event management (SIEM) is a field within computer security that combines security information management (SIM) and security event management (SEM) to enable real-time analysis of security alerts generated by applications and network hardware. SIEM systems are central to security operations centers (SOCs), where they are employed to detect, investigate, and respond to security incidents. SIEM technology collects and aggregates data from various systems, allowing organizations to meet compliance requirements while safeguarding against threats.

Control system security, or automation and control system (ACS) cybersecurity, is the prevention of interference with the proper operation of industrial automation and control systems. These control systems manage essential services including electricity, petroleum production, water, transportation, manufacturing, and communications. They rely on computers, networks, operating systems, applications, and programmable controllers, each of which could contain security vulnerabilities. The 2010 discovery of the Stuxnet worm demonstrated the vulnerability of these systems to cyber incidents. The United States and other governments have passed cyber-security regulations requiring enhanced protection for control systems operating critical infrastructure.

<span class="mw-page-title-main">Information security operations center</span> Facility where enterprise information systems are monitored, assessed, and defended

An information security operations center is a facility where enterprise information systems are monitored, assessed, and defended.

The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.

A Master of Science in Cyber Security is a type of postgraduate academic master's degree awarded by universities in many countries. This degree is typically studied for in cyber security. What is offered by many institutions is actually called a Master in Strategic Cyber Operations and Information Management (SCOIM) which is commonly understood to be a Master in Cybersecurity. This degree is offered by at least some universities in their Professional Studies program so that it can be accomplished while students are employed - in other words it allows for "distance learning" or online attendance. Requirements for the Professional Studies program include: 3.0 or better undergrad GPA, professional recommendations letters and an essay.

Cyber threat intelligence (CTI) is a subfield of cybersecurity that focuses on the structured collection, analysis, and dissemination of data regarding potential or existing cyber threats. It provides organizations with the insights necessary to anticipate, prevent, and respond to cyberattacks by understanding the behavior of threat actors, their tactics, and the vulnerabilities they exploit. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic and data derived for the deep and dark web.

The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to " help people, businesses, and governments protect themselves against pervasive cyber threats."

William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

Michele Guel is an American cybersecurity engineer.

Cybersecurity engineering is a tech discipline focused on the protection of systems, networks, and data from unauthorized access, cyberattacks, and other malicious activities. It applies engineering principles to the design, implementation, maintenance, and evaluation of secure systems, ensuring the integrity, confidentiality, and availability of information.

References

  1. "What is the SANS Institute?". SANS Frequently Asked Questions (faq): Security Training: General. Retrieved 2012-09-19.
  2. "The SANS Institute Company Profile - Office Locations, Competitors, Revenue, Financials, Employees, Key People, Subsidiaries". crafit.io.
  3. "SC Magazine Awards 2015" (PDF). SC Magazine. Archived from the original (PDF) on 2018-08-07. Retrieved 2015-11-17.
  4. "2014 SC Awards U.S. Winners". SC Magazine. Retrieved 2015-11-17.
  5. Perlroth, Nicole (2021-11-15). "Alan Paller, a Mover on Cybersecurity Threat, Is Dead at 76". The New York Times. Retrieved 2022-03-19.
  6. "SANS Definition from PC Magazine Encyclopedia". www.pcmag.com. Retrieved 2016-09-14.
  7. Messier, Ric (2014). GSEC: GIAC Security Essentials Certification. New York: McGraw-Hill Education. p. 7. ISBN   978-0-07-181962-6.
  8. "SANS Institute: About". sans.org. Archived from the original on 2013-04-12. Retrieved 2008-12-16.
  9. "GIAC Information Security Certifications – Cyber Certifications". giac.org.
  10. "Stepped Up Cyberthreats Prompt Air Force To Rethink Training, Acquisitions". Afcea International. Retrieved 2015-11-17.
  11. "Strengthening the nation's defense against hackers". www.cbsnews.com. 26 April 2015. Retrieved 2015-11-17.
  12. O'Harrow, Robert Jr (2012-11-26). "CyberCity allows government hackers to train for attacks". The Washington Post. ISSN   0190-8286 . Retrieved 2015-11-17.
  13. Cyber Security Minute (15 February 2017). "Instructor Expertise".
  14. PacketStan. "What I Learned At Camp".
  15. SANS Technology Institute. "Instructors".
  16. "SANS Technology Institute, The - Statement of Accreditation Status". Middle States Commission on Higher Education. Retrieved 2022-03-19.
  17. "College Navigator-SANS Technology Institute, National Center for Education Statistics".
  18. "STI Information Security Laboratory". sans.edu. Archived from the original on 2010-12-20. Retrieved 2007-07-14.
  19. "STI Information Security Leadership Laboratory". sans.edu. Archived from the original on 2010-12-16. Retrieved 2007-05-10.
  20. "Cybersecurity Courses & Certifications". sans. Retrieved 2024-01-05.
  21. "Cybersecurity Awards | SANS Institute". www.sans.org. Retrieved 2024-02-08.
  22. Institute, SANS. "SANS Announces the 2021 Winners of the Difference Makers Awards". www.prnewswire.com (Press release). Retrieved 2024-02-11.
  23. "Nominations Now Open for the SANS 2020 Difference Makers Awards". AP News. 2020-10-01. Retrieved 2024-02-11.
  24. JupiterOne. "JupiterOne CISO and Head of Research Wins SANS Lifetime Achievement Award". www.prnewswire.com (Press release). Retrieved 2024-02-11.
  25. "Edwards is awarded SANS ICS Lifetime Achievement Award - ISA". isa.org. Retrieved 2024-02-11.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.