AUD507: SANS Security Leadership 2022

What You Will Learn

Performing IT security audits at the enterprise level can be a daunting task. How should you determine which systems to audit first? How do you assess the risk to the organization related to information systems and business processes? What settings should you check on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? How do you turn this into a continuous monitoring process? The material covered in this course will answer all of these questions and more.

AUD507 teaches students how to apply risk-based decision making to the task of auditing enterprise security.

This track is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical "how-to" for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff.

AUD507 allows students to practice new skills in realistic, hands-on labs.

In this course, students learn how to use technical tests to develop the evidence needed to support their findings and recommendations. Each day affords students opportunities to use the tools and techniques discussed in class, with labs designed to simulate real-world enterprise auditing challenges and to allow the students to use appropriate tools and techniques to solve these problems.

We also go beyond simply discussing the tools students could use; we give them the experience to use the tools and techniques effectively to measure and report on the risk in their organizations. The final section of the course is a lab that lets students challenge themselves by solving realistic audit problems using and refining what they have learned in class.

The skills students learn in AUD507 can be used immediately after class.

Students will leave the course with the know-how to perform effective tests of enterprise security in a variety of areas. The combination of high-quality course content, provided audit checklists, in-depth discussion of common audit challenges and solutions, and ample opportunities to hone their skills in the lab provides a unique setting for students to learn how to be an effective enterprise auditor.

"AUD507 has obvious practical applications, and it's great to see some of the most infamous hacking methods explained and executed in real time. In the labs, I'm getting hands-on experience with the tools. The opportunity to learn how to interpret the results taught me more in one afternoon than I've picked up here-and-there over an entire career." - Tyler Messa, AWS

A Sampling of Course Topics
  • Audit planning and techniques
  • Effective risk assessment for control specification
  • Time-based assessment and auditing
  • Delivering effective reports to management
  • Auditing virtualization hosts
  • Understanding and auditing cloud services and containers
  • Effective network population auditing
  • Performing useful vulnerability assessments
  • Detailed router, switch and firewall auditing
  • OWASP Top Ten Proactive Controls for web applications
  • Auditing traditional web applications
  • Auditing web APIs, AJAX, and single-page applications
  • Windows PowerShell
  • Windows system auditing & scaling to the enterprise
  • Auditing Active Directory
  • Building an audit toolkit
  • Linux/UNIX auditing

HANDS-ON TRAINING:

AUD507 uses hands-on labs to reinforce the material discussed in class and develop the "muscle memory" needed to perform the required technical tasks during audits. An abbreviated sampling of the many lab topics includes:
  • Calculate Samples and Errors
  • Network Scanning and Continuous Monitoring with Nmap
  • Network Discovery Scanning with Nessus
  • Auditing Hypervisors
  • Auditing Docker Security
  • Wireshark, Switch Configuration Symptoms and Device Configuration Auditing
  • Auditing Public Services
  • HTML, HTTP and Burp
  • Analyzing TLS and Robots.txt
  • Fuzzing and Brute Forcing with Burp Intruder
  • Finding Injection Flaws
  • Scripting with PowerShell
  • Exploring WMI with PowerShell and WMIC
  • Discovering Operating System and Patch Levels
  • Querying Active Directory
  • Permissions, Rights and Logging
  • Unix Scripting
  • System Information, Permissions and File Integrity
  • Services and Passwords
  • Unix Logging, Monitoring and Auditing

YOU WILL BE ABLE TO:
  • Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
  • Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
  • Establish a well-secured baseline for computers and networks as a standard to audit against
  • Perform a network and perimeter audit using a repeatable process
  • Audit virtualization hosts and container environments to ensure proper deployment and configuration
  • Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
  • Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit
  • Utilize scripting to build a system which will baseline and automatically audit Active Directory and all systems in a Windows domain
  • Utilize scripting to build a system which will baseline and automatically audit Linux systems

WHAT YOU WILL RECEIVE:

In this course, you will receive the following:
  • Printed and Electronic Courseware
  • MP3 audio file of the complete course lecture
