GIAC Information Security Fundamentals (GISF)
Course: No Specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.
Target:Professionals who need to hit the ground running and need an overview of information assurance. Managers, Information Security Officers, and System Administrators who need an overview of risk management and defense in depth techniques. Anyone who writes, implements, or must adhere to policy, disaster recovery or business continuity.Proficient infosec administrators can network well on the eight layer of the ISO model (political) and the material contained in this track will help them to bridge the gap that often exists between managers and system administrators. GISF candidates will learn and be able to demonstrate key concepts of information security including: understanding the threats and risks to information and information resources, identifying best practices that can be used to protect them, and learning to diversify our protection strategy.
Requirements: 1 Proctored exam-150 questions-4-hour time limit-70% (105 of 150 questions) minimun passing score
Renewal: every 4 years
Delivery:Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Standalone challenge exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our.
Intro to Information Security 301- 5 Day Course
This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, “Congratulations, you are now a security officer.” If you need to get up to speed fast, Security 301 rocks!
We begin by covering basic terminology and concepts, and then move to the basics of computers and networking as we discuss Internet Protocol, routing, Domain Name Service, and network devices. We cover the basics of cryptography, security management, and wireless networking, then we look at policy as a tool to effect change in your organization. In the final day of the course, we put it all together with an implementation of defense in-depth.
If you’re a newcomer to the field of information security, this is the course for you! You will develop the skills to bridge the gap that often exists between managers and system administrators, and learn to communicate effectively with personnel in all departments and at all levels within your organization.
This is the track SANS offers for the professional just starting out in security. If you have experience in the field, please consider our more advanced offerings such as
A Framework for Information SECURITY 301-DAY 1
Information security is based upon foundational concepts such as asset value, the CIA triad (confidentiality, integrity, and availability), principal of least privilege, access control, and separation. Day one provides a solid understanding of the terms, concepts, and tradeoffs that will enable you to work effectively within the information security landscape. If you have been in security for a while, these chapters will be a refresher, providing new perspectives on some familiar issues.
Securing the Infrastructure SECURITY 301-Day 2
To appreciate the risks associated with being connected to the Internet one must have a basic understanding of how networks function. Day two covers the basics of networking (including a review of some sample network designs), including encapsulation, hardware and network addresses, name resolution, and address translation. We explore some typical attacks against the networking and computing infrastructure along with appropriate countermeasures.
Cryptography and Security in the Enterprise SECURITY 301-Day 3
Cryptography can be used to solve a number of security problems. Cryptography and Security in the Enterprise provides an in-depth introduction to a complex tool, (cryptography) using easy to understand examples and avoiding complicated mathematics. Attendees will gain meaningful insights into the benefits of cryptography (along with the pitfalls of a poor implementation of good tools). The day continues with an overview of the security organization in a typical company. Where does security fit in the overall organizational scheme? What is its charter? What other components of the larger organization must it interact with? We conclude the day with a whirlwind overview of wireless networking technology benefits and risks, including a roadmap for reducing risks in a wireless environment.Information Security Policy SECURITY 301-Day 4
Day four will empower those with the responsibility for creating, assessing, approving, or implementing security policy with the tools and techniques to develop effective, enforceable, policy. Information Security Policy demonstrates how to bring policy alive by using tools and techniques such as the formidable OODA (Orient, Observe, Decide, Act) model. We also explore risk assessment and management guidelines and sample policies, as well as examples of policy and perimeter assessments.Defense In-Depth: Lessons Learned SECURITY 301-Day 5