AUD507: SANS Cyber Security Leadership NOVA 2023

What You Will Learn

Controls That Matter - Controls That Work

This course is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical "how-to" for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff.

Students will leave the course with the know-how to perform effective tests of enterprise security in a variety of areas. The combination of high-quality course content, provided audit checklists, in-depth discussion of common audit challenges and solutions, and ample opportunities to hone their skills in the lab provides a unique setting for students to learn how to be an effective enterprise auditor.

"AUD507 has obvious practical applications, and it's great to see some of the most infamous hacking methods explained and executed in real time. In the labs, I'm getting hands-on experience with the tools. The opportunity to learn how to interpret the results taught me more in one afternoon than I've picked up here-and-there over an entire career." - Tyler Messa, AWS

  • Gain confidence in whether you have the correct security controls and they are working well
  • Lower your audit costs with effective, efficient security audits
  • Improve relevance of IT audit reporting, allowing the organization to focus on what really matters
  • Improve security compliance while reducing compliance and security risks, protecting your reputation and bottom line
  • How to apply risk-based decision making to the task of auditing enterprise security
  • Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
  • Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
  • Establish a well-secured baseline for computers and networks as a standard to conduct audit against
  • Perform a network and perimeter audit using a repeatable process
  • Audit virtualization hosts and container environments to ensure proper deployment and configuration
  • Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
  • Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit
  • Utilize scripting to build a system which will baseline and automatically audit Active Directory and all systems in a Windows domain
  • Utilize scripting to build a system which will baseline and automatically audit Linux systems

This course goes beyond simply discussing the tools students could use; we give them the experience to use the tools and techniques effectively to measure and report on the risk in their organizations. AUD507 uses hands-on labs to reinforce the material discussed in class and develop the "muscle memory" needed to perform the required technical tasks during audits. In sections 1-5, students will spend about 25% of their time in lab exercises. The final section of the course is a full-day lab that lets students challenge themselves by solving realistic audit problems using and refining what they have learned in class.

Students learn how to use technical tests to develop the evidence needed to support their findings and recommendations. Each section affords students opportunities to use the tools and techniques discussed in class, with labs designed to simulate real-world enterprise auditing challenges and to allow the students to use appropriate tools and techniques to solve these problems.
  • Section 1: Audit Sampling: Calculating samples and margins of error, Network scanning and Continuous Monitoring with Nmap, Network Discovery Scanning with Nessus
  • Section 2: Introduction to PowerShell and Scripting, Windows Management Instrumentation, System Information, Open Ports, Users and Groups, Permissions and Rights Assignments, Windows Logging
  • Section 3: Unix Scripting, System Information, Permissions, File Integrity, Logging and Monitoring
  • Section 4: Examining Hypervisors, Auditing Docker Security, Capturing and Analyzing Network Traffic, Analyzing and Validating Device Configurations, Testing Public Services
  • Section 5: Introduction to Web and Testing Technologies, Secure Server Configurations: TLS and Information Disclosure, Authentication Attacks, Authentication Information Disclosure, Logic Flaw, Input/Output Flaws: Cross-Site Scripting and SQL Injections
  • Section 6: Capture the Flag: Audit Essentials, Network Devices and Firewalls, Web Applications, Windows, Unix
"The labs or exercises were excellent because they provide knowledge, information and experience." - Amjad Awdhah Saeed Alshahrani, Site

"Today's NetWars was definitely a challenge and for me I needed the team so we could all use our strengths. Excellent coverage of everything we've learned without repeating exact exercises we had done in the week. Good way to know I did understand what we've been learning all week. The workbook was a good reference to return to." - Carmen Parrish, US Government

"The hands-on labs reinforce the learning from the book. I learn best when I can touch and feel the material being taught." - Rodney Newton, SAP

  • Section 1: How to be an IT auditor. What tools will make you look smart
  • Section 2: Using PowerShell and native tools to measure security of Windows systems and domains
  • Section 3: Understanding Unix security and how to use built-in tools and scripting to measure it
  • Section 4: Auditing security of hybrid cloud environments and enterprise networks
  • Section 5: Understanding and auditing the OWASP proactive controls for web applications
  • Section 6: Full-day hands-on lab exercise using all the skills and tools learned during the course
  • SANS SWAT Web App Checklist
  • IOS Access list cheat sheet
  • Regex cheat sheet
  • Sed one liners cheat sheet
  • Awk one liners cheat sheet
  • Printed and Electronic Courseware
  • MP3 audio file of the complete course lecture
  • Audit checklists

Depending on your current role or future plans, one of these courses is a great next step in your leadership journey:

Compliance or Auditor Professionals:
  • SEC557: Continuous Automation for Enterprise and Cloud Compliance
  • SEC566: Implementing and Auditing CIS Critical Controls
Technical Security Manager or InfoSec Technician:
  • MGT516: Managing Security Vulnerabilities: Enterprise & Cloud


Start date: 06 Feb 2023
Location / delivery: Tysons Corner
