Security Musings

Security Musings

Musings: Press Releases

This series will include press releases from The SANS Institute covering computer, network, and information security training.

Other Related Articles in Musings: Press Releases


Press Release: Management 512 Security Leadership Essentials for Managers now NIST SP800 Compliant


By Stephen Northcutt

The SANS Institute
Contact Diane Sardi
FOR IMMEDIATE RELEASE
January 30, 2008

Tel: (808) 823-1375
Email: dsardi@sans.org

SANS announces computer security management training is now NIST SP800 compliant. SANS Security Leadership Essentials For Managers, is now incorporating guidance from NIST Special Publications in the 800 series. According to Management 512 author, Stephen Northcutt, a fellow of the SANS faculty, "the Special Publication 800 series established in 1990 is a leading source of guidance for computer security, and they collaborate with industry, government, and academic organizations. I first started focusing on these when developing our Service Oriented Architecture course for managers; they really did a great job on that. Later, when I was updating the incident handling section of my course, I observed that our material was very similar, but the book I authored on incident handling was several years old; the SP800 had newer material, and to avoid confusion, I decided to treat their document as the authoritative source. Finally, since we both have a document for information security managers, I began to base the appropriate parts of my course on their Information Security Handbook: A Guide for Managers. My course is more extensive than this handbook, but when possible, I try to reference their guidance."

The Security leadership course is related to the GIAC GSLC certification. Since this is ANSI certified, it is important that the certification reflect the actual job tasks a computer security manager faces. By incorporating the NIST guidance, the course and certification should be able to better meet the needs of security managers, especially the ones that work for the US Government. This inaugural run of the course with integrated NIST SP800 guidance is scheduled for March 3, 2008 in Chicago. The instructor will be Stephen Northcutt.

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS also sponsored the creation of GIAC, a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.

# # #

If you would like more information about this topic, or to schedule an interview with Stephen Northcutt, contact Diane Sardi at (808) 823-1375 or send email dsardi@sans.org. URLs referenced in this press release are shown below.

http://csrc.nist.gov/publications/PubsSPs.html
http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
http://www.sans.org/press/service_oriented_architecture.php
http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
http://www.sans.org/ohare08/description.php?tid=1627