Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
SANS Training and GIAC Certification Update

From: The SANS Institute (sanssans.org)
Date: Tue Apr 29 2003 - 07:20:25 CDT

SANS and GIAC Update
Edition 10

This is the tenth status and update report since January 2000 and is
packed with data that will help you get more value from SANS and GIAC.
We have a tremendous number of initiatives underway. SN

Topics Covered
1) Did you miss your opportunity to complete your certification?
     Need help?
2) Windows .NET Framework Security
3) Track 9 is now SANS Security + and Approved by CompTIA
4) A New Track 12 for Chief Information Security Officers who need
    to manage technical people
5) The New SANS Portal
6) Three major training initiatives to help when a conference is not
    ideal for you
 6a) Instructor-Led Online Training
 6b) Local Mentor and Local Instructor Programs
 6c) Onsite SANS Training
7) One day course on Business Law and Computer Security, Dallas TX
8) Four New Publications from SANS Press
9) SANS Recognized by New York City Police Department
10) GIAC Announces the first GSE Certifications
11) SCORE Update
12) SANS Training Worldwide
13) Dry T-shirt contest - Complete description and contest rules
14) Security Tool Survey

1) Did you miss your opportunity to complete your certification?
    Need help?

I have received a large number of notes from people who took a
SANS training track, but did not sign up for, or complete their
certification, and now see the value in having the credentials
and proof of mastery that comes from GIAC certification. We have a
mechanism to help that we want to experiment with for a limited time.
Have you taken a SANS track since January 2001 without completing
certification? If there is a Local Mentor Program for your track
running in your city, you may join the group for the price of $550.00.
This will allow you to review the latest courseware and the mentor
will help you with the practical component of the certification.
Visit http://www.sans.org/onlinetraining/mentor/ or write

2) Microsoft .NET Framework Security

David Rice, probably one of the two or three top experts on .NET
security in the nation, is well on his way to completing a one day
.NET Framework security course. We plan to run the first beta of
the course in Tysons Corner, VA on Thursday, July 24, 2003.

3) Track 9 is now SANS Security + and has earned the CompTIA approval

Track 9 used to be Information Security Officer and, while it was
a wonderful track, it continually drew two audiences with radically
different needs, chief security officers and students just getting
started in information security. The new Track 9, SANS Security +
is an entry-level course. We have been evaluated by CompTIA and
this course has been approved. It will prepare you for the CompTIA
Security + certification. We are also developing this course as
a book. People often contact us about licensing courseware to teach
at their University or professional education shop. We will be
able to help universities and other training organizations launch
Security+ training programs. If you would like to be added to the
list to receive information when the programs starts in August please
contact exhibits@sans.org.

4) A New Track 12 for chief information security officers who need
    to manage technical people

To meet the needs of senior security and IT managers, the new Track 12,
SANS Security Leadership Essentials has been launched. At its first
running in San Diego it received rave reviews from an audience that
included CISOs, IS managers and even four federal chief information
officers. It's the first program that helps senior managers get what
they need to guide the technical security people. It's being offered
in San Francisco June 10-23 and in Washington, at SANSFire 2003,
on July 16-19. See http://www.sans.org for details.

5) The SANS Portal

http://portal.sans.org is the one place to go to manage all your SANS
newsletter subscriptions and land mail preferences. We've prefilled
the database with data from various other SANS databases, so if you
are receiving this mailing, you probably already have an account! Just
enter your email address and click "Reset Password" to receive an
initial email verification. Then login and edit your preferences.

You can even customize the look of "your" SANS home page by adding
various headlines and up-to-the-minute security news to the page.
In the coming weeks and months we'll be adding more features to the
SANS Portal to make it your one-stop for SANS and security-related
information. We welcome your feedback to portal@sans.org.

6) Three major initiatives to meet training needs when a conference
    is not ideal for you

For any number of reasons, travel to a conference may not be ideal
for you. We offer a number of programs to meet the needs of every
professional. We have Instructor Led Online Training (ILOT), Local
Mentor, Local Instructor and Onsite training to meet your needs.

(a) SANS Instructor Lead Online Training (ILOT) is synchronous;
involving regularly scheduled online classes taught by our most
entertaining instructors. You can take this live course from anywhere
in the world without leaving your home or office. The next offering
is SANS Security Essentials including the CISSP CBK, May 20 - June
26, 2003.

(b) The Local Instructor and Local Mentor Programs are our way
of bringing The SANS Institute to more communities on a regular
basis. Both local programs are ideal for those professionals needing a
flexible schedule but who still want instructors or mentors to answer
questions and help pace the learning process.
For details, please see http://www.sans.org/onlinetraining/mentor/
or send an email to sweil@sans.org.

(c) Onsite SANS Training is our fastest growing program. It is ideal
when you want SANS to come to you. These courses are all taught by the
same SANS instructors you find at the largest SANS conferences. They
are willing to sign Non Disclosure Agreements, if you wish, so they
can adapt the training and discussion to your organization's actual
security architecture, challenges, and incidents.

7) One day course on Business Law and Computer Security
    Dallas TX, Thursday, June 26, 2003 Ben Wright

Legal liability and compliance with regulations is becoming more and
more important for security administrators. This is your opportunity to
get up to speed fast on digital records management. The course will
introduce emerging problems, such as liability for privacy breaches
and the problems of disclosing homeland security information to the
government, and will suggest specific action items for you to take
back to your job. Participants will examine many actual court cases.

8) Four New Publications or Edition Updates from SANS Press

SANS Press now has three new books in the SANS Step-by-Step Series
and one from the Gold Standard Training series! All can be purchased
through the SANS Online Store at http://store.sans.org.

Securing Linux - A Survival Guide for Linux Security (Version 1.0)
Printed Version $39, Departmental PDF: $299 PDF Unlimited License:

Computer Security Incident Handling (Version 2.3.1) Printed Version
$39, Departmental PDF: $299 PDF Unlimited License: $1800.

Oracle Security: Step-by-Step Printed Version 99.95, Departmental
PDF $499, Unlimited License $2,995

Securing Windows 2000 Professional Using the Gold Standard Security
Template (Version 3.0) Printed Version-Product ID: W2PG.1, Price: $39

For more information, write to us at store@sans.org or visit

9) SANS Recognized by New York City Police Department

The New York City Police Department's Computer Investigations and
Technology unit recognized The SANS Institute and the related GIAC
Certification at an award ceremony recently. SANS was identified as
a key organization for their support of the Computer Investigations
and Technology Unit since September 11, 2001. One of the Detectives,
Anthony Reyes, explained the efforts that SANS has made to reach
out to the NYPD for priority seating as volunteers at conferences
and in other areas has made a significant impact on the knowledge
level of the officers and as a result, improved their ability to
conduct investigations. We are thankful for the award, but we all
know the people of New York City are the true heroes. Let us each
take a minute to remember the heroism of the Fire, Police and Port
Authority workers of New York City.

10) GIAC announces the first GSE Certifications

GIAC recently held the first round of GSE (GIAC Security Expert)
testing and has announced that two candidates have successfully
achieved the Security Expert Certification. The GIAC Security Expert
exam is considered to be the toughest exam in Information Security,
consisting of four eight hour days of grueling hands on testing.
One of the GSE candidates compared the GSE to his Doctoral work in
Physics explaining, "I think every section of the exam was tougher
than anything that I have previously encountered."

11) SCORE Update

SCORE is a consensus security research project to develop best practice
security guides and audit checklists. We just posted Angela Loomis'
web application audit checklist at:

Teams are now being put together to prepare/update the following
checklists: (Team leaders are in parenthesis)

7799 standards (Valliappan Thiagarajan)
Linksys broadband routers (Timothy W. Wright)
Web applications (Mark Curphey)
Mac OS X (TBD)

Other checklists are to be updated and added based on recommendations
from the security community. If you have substantial expertise in
implementing and/or securing these or other products and want to help
develop the checklists, contact Algis Kibirkstis at score@sans.org.

12) SANS Training Worldwide

The calendar is sizzling with a great selection of SANS conference
locations and red-hot training opportunities for everyone from IT
professionals just starting out in security to those who have been
around the track and are ready to accelerate their careers. SANS
world-class training is the most advanced program you can get,
provided by the best instructors in information security, people who
are full-time practitioners and great teachers. You will leave the
conference with the skills and confidence needed to implement cutting
edge tools and techniques as soon as you get back to the workplace.
Then, prove you know your stuff! Leverage your learning by earning a
GIAC certification. SANS training and GIAC certification are one-two
punches that can knock out cyber crime.

Information security is rapidly developing muscle and support. Despite
the loss of two top cybersecurity advisors, White House initiatives
have resulted in security becoming a required feature rather than an
afterthought. Standards such as benchmarks developed by the Center for
Internet Security and those under development by NIST make it tougher
for cyber criminals to breech our systems. The timing has never been
better for us to make a difference, but we must each do our part to
secure our piece of cyberspace. Seize this chance to strengthen your
expertise and help the information assurance community put cyber
criminals out of business. If you know of others who would benefit
from being in these classes, please let them know too about these
timely training opportunities.

SANS North Pacific, May 5-10, 2003 in Portland, Oregon

SANS Great Lakes, May 18-23, 2003 in Chicago, Illinois

SANS Peachtree, June 2-7, 2003 in Atlanta, Georgia

SANS Computer Security Bootcamp, June 11-16, 2003 in Monterey, California

SANS Golden Gate, June 18-23, 2003 in San Francisco, California

SANS Hammersmith-London, June 23-28, 2003 in London, England

SANS Business Law, June 26, 2003 in Dallas, Texas

SANSFIRE 2003, July 14-19, 2003 in Washington, DC

SANS National Information Assurance Leadership, July 21-23, 2003 in Washington, DC

SANS Down Under, July 28-August 2, 2003 in Melbourne, Australia

SANS Parliament Hill, August 11-16, 2003 in Ottawa, Canada

SANS Rocky Mountain, August 14-19, 2003 in Denver, Colorado

SANS Virginia Beach, August 24-29, 2003 in Virginia Beach, Virginia

SANS Spain, September 8-13, 2003 in Madrid, Spain

SANS New England, September 15-20 in Boston, Massachusetts

SANS Los Angeles, September 29-October 4, 2003 in Los Angeles, California

SANS New York, October 9-14, 2003 in New York City

SANS Amsterdam, October 27-November 1, 2003 in Amsterdam, Netherlands


Call for T-shirt designs

Have you ever wondered where all those unique SANS conference t-shirts
come from? We thought it might be fun to get some fresh ideas,
so SANS is having a T-shirt Design Contest. We will announce the
winning designer at SANS Monterey, June 11-16, 2003. The design will
debut on the t-shirt for SANSFIRE 2003 in Washington, DC this July.
SANS will award a winner and runner up. Put your creative cap on
and have some fun.

The winning t-shirt will state "designed by" <winner's name> and the
winner will receive their choice of any five SANS Step-by-Step books.
The runner up will receive a SANS polo shirt.

Go to www.sans.org and look at the SANSFIRE Conference information.
While you are there, register for the conference!

The rules are:

Submit as many designs as you want. Send to tshirt@sans.org.

The logo will be printed in either 2 or 3 colors. The winner's name
will also appear on the shirt. The shirt will print on an ash grey
or natural background most easily; keep the background color in mind
as you are designing. If we are using a photo in the design it should
be a minimum of 300 dpi in resolution. If it is lower than this,
the image will not be crisp and clean for printing. Artwork provided
should be done in a graphics format such as Adobe Illustrator (Mac)
or Corel Draw (Windows). If you do not have access to this type of
program, we can convert it for you.

Obviously, no offensive language/vulgar/racial art or language will
be considered.

Refrain from political propaganda.

Respect others' intellectual property by using original designs.

No brand names, logos, etc. other than SANS.

All designs submitted become the property of SANS.

This contest is open only to those who are 18 years of age or older
at time of entry.

The final design may have to be formatted or changed slightly, to
fit printing requirements.

Employees of SANS Institute, their affiliates, subsidiaries,
advertising and promotion agencies and their immediate family members
and/or those living in the same household of each are not eligible.

This contest is void in Puerto Rico and where prohibited by law.

No substitution or transfer of prizes permitted. All federal, state
and local taxes are the sole responsibility of the winners. All
federal, state, and local laws and regulations apply.

SANS will decide on the top designs, which will then be posted to
the web. All visitors to the SANS web site will be able to vote
for the design they like best. The top two will be chosen, based
on those votes. Winners will be notified by surface mail and their
names will be posted on the SANS web site after June 16th, 2003.

In the event that no winner is chosen, SANS will design in house.

This promotion is sponsored by the SANS Institute, 5401 Westbard
Avenue, Bethesda, MD 20816.

14) Security Tool Survey

Stephen Northcutt has been running paper surveys at major conferences
to track the tools such as firewalls and intrusion detection
systems that you are using. The survey is almost ready to go live
and we need about 50 beta testers. Our guess is by putting this
as item 14 on the update, that is about how many people will read
this far down :) Please help, it is data that will benefit the
entire community if we can collect it. Will you take the survey,
http://portal.sans.org/surveys/vendortools.php look for errors such
as spelling or tools that you feel are in the wrong category and
write Stephen@sans.org with any feedback.

To change your subscription, address, or other information, go to