SANS IT Security Audit Bootcamp

= SANS: IT Security Audit Essentials Bootcamp : AUD429 =

Course: IT Security Audit Essentials Bootcamp Course ID: SB2DSAB / SANS Course ID : AUD429 Instructor: SANS Instructor CPE Credits: 14 CPE’s Duration: 2 Days Date: November 19th - 20th, 2009 (9 AM – 6 PM)

Learn about AUD429 course at SANS

Who should attend? • IT Security Audit Essentials is designed for individuals entering the information security industry who are tasked with auditing organization policy, procedure, risk, or policy conformance. This course will help students develop a firm grasp of information security principles and issues and will equip them to develop best practice audit checklists. Audit 429 helps you prepare for SANS signature audit course, Audit 507: Auditing Networks, Perimeters, and Systems.

Class Pre-requisite:  • This hands-on bootcamp course will help you get started in the field of information technology and security auditing.

Class Requirement:

Students attending Audit 429 should bring a laptop meeting the following as a minimum: • 1GB of RAM • 10 gigabytes of free space on the hard drive • Windows XP Professional • Bootable CDROM drive

Students must have local Administrator rights on the system to complete several of the lab exercises. They should also have the rights to be able to temporarily disable any security software running on their laptop (personal firewall, anti-virus, anti-malware, etc). Students should also be familiar with any steps required to force the laptop to boot from the CDROM drive provided that bootable CD is present. We strongly recommend that students apply all patches and service packs to their system before attending the course if possible. Many students have recommended bringing two laptops - one for your e-mail and whatever work that you need to accomplish while on-site and a second "loaner" laptop that will likely be wiped when returned to your office. You should likely view any network at this training event as "hostile."

Students may also find it helpful to bring a version of VMWare Workstation if they have a licensed version available to them. While not required for the course, there are times when the students may find it helpful to have such software available. Also a copy of the media used to install their operating system (Windows XP Pro) may be helpful for any troubleshooting that may be required during the course.

Many of the labs in this course will also function perfectly fine on Windows Vista or on Mac OS X workstations; however, students will find that many tools will not run as expected under these operating systems. Therefore it is recommended that students bring a system pre-installed with Windows XP Professional to facilitate the learning process. Official support for the labs will be under this operating environment

Course Description: In the SANS AUD429: IT Security Audit Essentials course, we feel that we have put together a very strong audit training program, giving both audit theory and strong technical details. It covers the essentials of security, compliance, and IT auditing -- everything you need, nothing you don't. As each topic is discussed in the class, we will strive to first teach the underlying theories and then explain how and what about these topics require the attention of an auditor or compliance officer. The course is presented hands-on so that students can receive the most benefit by actually trying what is described in the lectures. This class is not a CISA prep course; instead, this course, AUDIT 410: IT Security Audit and Control Essentials, and AUDIT 507: Auditing Networks, Perimeters, and Systems fill in all of the technical how-to blanks, giving you real-world hands-on audit practice for technologies currently in use. Throughout the class we've tried very hard to make sure that we are presenting all of the foundations of information security in connection with current information technology, while continually asking and answering "Why does an auditor care about this?" In the information assurance and validation field there is a real need for qualified auditors. Without professionals who can help us to see how well we're performing security tasks, we create blind spots in our security vision, believing that we are perhaps more secure than we actually are. The trouble is finding a source of comprehensive Infosec information as it applies to auditing. This class was created to address this specific need and allows an attendee to leave with all of the key security principles and concepts from security essentials coupled with a clear understanding of how to apply them to information assurance and auditing. Day one of this course introduces key technologies and systems relating to these problems, tying each of them directly to audit controls and activities for the measurement of overall security. Initial concepts of auditing are covered utilizing an enterprise risk management framework - building on security policy to evaluate controls used to protect information systems. Once a background in control and risk fundamentals has been covered, students are given an opportunity to assess technical systems beginning with network perimeters and firewalls in order to give the students real-world experience with these technologies. Electronic commerce and data interchange has become the way to do business in the twenty-first century. Organizations want to know if they're secure and what they need to do to become more secure. This course will provide an auditor with the technical underpinnings of these technologies followed up with hands-on testing and validation exercises so that these questions can be answered. Specifically, the auditor will continue to have an opportunity to build on the skills obtained in the first day of the course by covering core encryption concepts. Finally the students will spend the remainder of the day hands-on auditing both Microsoft Windows and Unix operating environments to lay a foundation for auditing systems they may encounter.