MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

About the course

MGT516 helps you think strategically about vulnerability management in order to mature your organization's program, but it also provides tactical guidance to help you overcome common challenges. By understanding and discussing solutions to typical issues that many organizations face across both traditional and cloud operating environments, you will be better prepared to meet the challenges of today and tomorrow. The Cyber42 game that forms part of the course puts students in the driver's seat for the fictional Everything Corporation ("E-Corp") and allows them to select certain initiatives that will mature E-Corp's VM program. Students will also need to choose how to respond to 13 realistic events that are sure to have an impact on their program. Depending on how students respond, E-Corp's security culture and the maturity of the different components of its VM program will be impacted. These tabletop exercises will enable students to put the skills they are learning into practice when they return to work at their own organizations.
 

What You Will Learn
Stop Treating Symptoms. Cure The Disease.

This course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. You will learn how to move past the hype to successfully prioritize the vulnerabilities that are not blocked, then clearly and effectively communicate the risk associated with the rest of the vulnerabilities in your backlog that, for a variety of reasons, cannot currently be remediated. You'll also learn what mature organizations are doing to ease the burden associated with vulnerability management across both infrastructure and applications as well as across both their cloud and non-cloud environments.

This Course Will Prepare You To:

  • Create, implement, and mature your vulnerability management program
  • Establish secure and defensible enterprise and cloud computing environments
  • Build an accurate and useful inventory of IT assets in the enterprise and the cloud
  • Identify existing vulnerabilities and understand how to meaningfully use this information
  • Better analyze the output of VM tools and related technology to make the data more actionable
  • Prioritize vulnerabilities for treatment based on a variety of techniques
  • Effectively report and communicate vulnerability data within your organization
  • Understand treatment capabilities and better engage with treatment teams
  • Make vulnerability management more fun and engaging for all those involved

MGT516 provides you with the information you need to skillfully fight the VM battle. Learning is reinforced through lab exercises, including the Cyber42 game. The game puts students in the driver's seat for the fictional Everything Corporation ("E-Corp"). Students will have to select three major initiatives throughout the course that will mature E-Corp's VM program, and they'll also need to choose how to respond to 13 realistic events that are sure to have an impact on their program. Depending on how students respond, E-Corp's security culture and the maturity of the different components of its VM program will be impacted. These tabletop exercises will enable students to put the skills they are learning into practice when they return to work at their own organizations.

Succeed Where Many Are Failing

Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable.

This course highlights why many organizations are still struggling with vulnerability management and shows students how to solve these challenges. How do we manage assets successfully and analyze and prioritize vulnerabilities? What reports are most effective? How do we deal with vulnerabilities in our applications, and how do we treat them? How do we make vulnerability management fun and get everyone to engage in the process? We'll not only answer these questions, but also examine how the answers change as we move to the cloud, implement the private cloud, or roll out DevOps within our organizations.

The primary goal of this course is to help you succeed where many are failing and to present solutions to the problems many organizations are experiencing or will experience as they mature. Whether your vulnerability management program is well established or just starting, this course will help you think differently about vulnerability management.

By understanding common issues and how to solve them, you will be better prepared to meet the challenges ahead and guide your IT teams and the broader organization to successfully treat vulnerabilities. Through discussion-based labs and other exercises in the MGT516 course, you will learn specific analysis and reporting techniques. The Cyber42 game will allow you to experience the issues you may face when building out your own program or responding to events in your environment.

The course is based on the Prepare, Identify, Analyze, Communicate, and Treat (PIACT) Model:

  • Prepare: Define, build, and continuously improve the program
  • Identify: Identify vulnerabilities present in our operating environments
  • Analyze: Analyze and prioritize identified vulnerabilities and other program tasks to provide meaningful assistance and guidance to stakeholders and program participants
  • Communicate: Present the results of your analysis appropriately and effectively to all stakeholder groups to help them understand the corresponding risks and treatment options
  • Treat: Implement, test, and monitor solutions to vulnerabilities, vulnerability groups, and broader issues identified by the program

What About The Cloud?

Knowing that many organizations are adopting cloud services in addition to more traditional operating environments, we'll also look at different cloud service types throughout the course and how they impact the program. We will highlight some of the tools and processes that can be leveraged in each of these environments and present new and emerging trends.

WHAT YOU WILL RECEIVE

Student manuals containing the entire course content and lab introductions and debriefs
Access to lab materials and bonus content on the class website

ADDITIONAL RESOURCES

Cyber42 Cybersecurity Leadership Simulation Game Days
Operational Cybersecurity Executive Triad
Rekt Casino Hack Assessment Operational Series: Vulnerability Management Gone Wrong
SANS Vulnerability Management Maturity Model Poster
SANS 2020 Vulnerability Management Survey, Nov 2020
SANS 2020 Vulnerability Management Survey: A Panel Discussion, Nov 2020
SANS Vulnerability Management Maturity Model, Aug 2020
How to Communicate about Security Vulnerabilities, Jan 2020
Cloud Security Vulnerabilities, Management, and Communication, Dec 2019
Security Vulnerability Prioritization: Managing Millions of Vulns, Nov 2019
Five Keys for Successful Vulnerability Management, June 2019
Next-Gen Vulnerability Management: Clarity, Consistency, and Cloud, June 2019

WHAT TO TAKE NEXT

Cloud Security Courses
SEC540: Cloud Security and DevOps Automation
SEC510: Multicloud Security Assessment & Defense
SEC541: Cloud Monitoring and Threat Hunting
SEC588: Cloud Penetration Testing
Management Courses
SEC566: Implementing and Auditing the Critical Security Controls
MGT551: Building and Leading Security Operations Center
SEC557: Continuous Automation for Enterprise and Cloud Compliance
MGT521: Driving Cybersecurity Change: Establishing a Culture of Protect, Detect, and Respond

Syllabus (30 CPEs)
MGT516.1: Overview: Cloud and Asset Management

MGT516.2: Identify

MGT516.3: Analyze and Communicate

MGT516.4: Treat

MGT516.5: Buy-in, Program, and Maturity

Prerequisites
A basic understanding of risk management objectives and IT systems and operations is recommended for this course.

Laptop Requirements
You must bring a computing device (laptop or tablet) with the latest version of Microsoft Excel. This will be used for multiple exercises throughout the course.

The Cyber42 game used in this course is hosted on Amazon Web Services (AWS). Students must have a computer that does not restrict access to AWS services. Corporate machines may have a VPN, intercepting proxy, or egress firewall filter that causes connection issues when communicating with AWS. Students must be able to configure or disable these services to be able to access the Cyber42 game.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Who Should Attend MGT516?
CISOs
Information security managers, officers, and directors
Information security architects, analysts, and consultants
Aspiring information security leaders
Risk management professionals
Business continuity and disaster recovery planners and staff
IT managers and auditors
IT project managers
IT/system administration/network administration professionals
Operations managers
Cloud service managers and administrators
Cloud service security and risk managers
Cloud service integrators, developers, and brokers
IT security professionals managing vulnerabilities in the enterprise or cloud
Government IT professionals who manage vulnerabilities in the enterprise or cloud (FedRAMP)
Security or IT professionals who have team-lead or management responsibilities
Security or IT professionals who use or are planning to use cloud services
 
