Security auditors should update risk driven methodologies says Hoelzer
February 2016 by Marc Jacob
SANS Spring London 2016 will welcome a growing community of security auditors set to refresh their skills on the recently updated AUD507: Auditing & Monitoring Networks, Perimeters & Systems course, which is one of eight security training tracks in London in February.
According to course author and industry expert David Hoelzer, “One of the struggles that IT auditors face today is assisting management to understand the relationship between the technical controls and the risks to the business that these affect. This track is organised specifically to provide a risk driven method for tackling the enormous task of designing an enterprise security validation program.”
Hoelzer, a SANS Fellow instructor and author of more than twenty sections of SANS courseware, is an expert in a variety of information security fields and was recently called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. Over a 25-year career, Hoelzer has also written and contributed to more than 15 peer-reviewed books, publications, and journal articles on all manner of security topics, including extensive works on audit.
“In today’s information security world, most enterprises are either already moving toward or seriously considering moving toward compliance with any number of a variety of security standards that represent best practice,” says Hoelzer. “One of the key topics covered in this material is an effective risk based method for the specification or selection of controls. This skill set allows you to analyse an existing set of controls, a business process, an audit exception or a security incident, identifying any missing or ineffective controls. More importantly, perhaps, you will be able to easily identify what corrective actions will eliminate the problem in the future.”
As a SANS instructor, Hoelzer has trained security professionals from organisations including NSA, DHHS, Fortune 500 security engineers and managers. In his view, “Auditors, Administrators and Security Managers alike walk away with a ‘To-Do’ list far longer than the one that they arrive with. The aim is to align your security operations and auditing with business operations in a way that delivers the biggest return on investment.”
SANS London Spring runs from 29th February to 5th March, with all classes taking place in the Grand Connaught Rooms in the heart of London’s West End. Many courses at SANS London Spring have an associated GIAC examination, and certification attempts are available at a reduced rate when bundled with training. SANS is also offering an OnDemand version of courses at a discounted rate to assist with exam preparation. The full list of courses includes:
SEC560: Network Penetration Testing and Ethical Hacking with Erik Van Buggenhout
SEC401: Security Essentials Bootcamp Style with Dr. Eric Cole
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
SEC542: Web App Penetration Testing and Ethical Hacking with Pieter Danhieux
SEC760: Advanced Exploit Development for Penetration Testers with Jake Williams
FOR508: Advanced Digital Forensics and Incident Response with Jess Garcia
FOR526: Memory Forensics In-Depth with Alissa Torres
AUD507: Auditing & Monitoring Networks, Perimeters & Systems with David Hoelzer
The event also offers evening socialising and networking opportunities involving SANS Instructors and fellow industry peers. Demand for places at SANS London events has always been high, so attendees are advised to register online as soon as possible. For more information please visit https://www.sans.org/event/london-in-the-spring-2016/