Provided by SANS
Certification: GSLC Certification
Qualification level: GSLC Certification
Location: Live/Online
Study type: Distance learning

About the course

Security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics.

This course empowers you to become an effective security manager and get up to speed quickly on information security issues and terminology. You won't just learn about security, you will learn how to manage security.

To accomplish this goal, MGT512 covers a wide range of security topics across the entire security stack. Data, network, host, application, and user controls are covered in conjunction with key management topics that address the overall security lifecycle. This also includes governance and technical controls focused on protecting, detecting, and responding to security issues.

This approach prepares you to:

  • Make sense of different cybersecurity frameworks
  • Understand and analyze risk
  • Understand the pros and cons of different reporting relationships
  • Manage technical personnel
  • Build a vulnerability management program
  • Inject security into modern DevOps workflows
  • Strategically leverage a SIEM
  • Change behavior and build a security-aware culture
  • Effectively manage security projects
  • Enable modern security architectures and the cloud

MGT512 uses case studies, group discussions, team-based exercises, and in-class games to help students absorb both technical and management topics.

 

Course Syllabus

MGT512.1: Building Your Program

Overview

The course starts with a tour of the information and topics that effective security managers and leaders must know to function in the modern security environment. This includes an understanding of the different types of cybersecurity frameworks available to structure your security team and program. Risk is central to effective information security management, and key risk concepts are discussed to lay the foundation for effective risk assessment and management. Security policy is a key tool that security managers use to manage risk. We'll cover approaches to policy to help you plan and manage your policy process. Finally, security functions, reporting relationships, and roles and responsibilities are discussed to give the advancing manager a view into effective security team and program structure.

CPE/CMU Credits: 6

Topics

 

  • Security Frameworks
    • Control, Program, and Risk Frameworks
  • Understanding Risk
    • Risk Concepts
    • Calibration
    • Risk Assessment and Management
  • Security Policy
    • Purpose of Policy
    • Risk Appetite Statement
    • Policy Planning
    • Managing Policy
  • Program Structure
    • Security Functions
    • Reporting Relationships
    • Three Lines of Defense
    • Roles and Responsibilities

 

MGT512.2: Protecting Data and Networks

Overview

Day 2 provides foundational knowledge to protect data and networks. This includes building an understanding of cryptography concepts, encryption algorithms, and applications of cryptography. Since encrypting data alone is not sufficient, the distinction between privacy and security is discussed to give managers a primer on key privacy concepts. Finally, a thorough discussion of network security is modeled around the various layers of the network stack. This allows managers to gain a deeper understanding of what their teams are talking about, what vendors are selling, and where various issues and protections lie within the seven layers of the network model.

CPE/CMU Credits: 6

Topics

  • Data Protection
    • Cryptography Concepts
    • Encryption Algorithms
    • Encryption Applications
  • Privacy Primer
    • Privacy and Security
  • Network Security
    • Layer 1 and 2: Overview and Attacks
    • Layer 3
      • VPNs and IPSec
      • IPv6 Considerations
    • Layer 4: TCP and UDP
    • Application Layer
      • Proxies, NGFW, IDS, NSM

 

MGT512.3: Protecting and Patching Systems

Overview

Day 3 is focused on protecting and patching systems. This includes coverage of host security that encompasses endpoint and server security along with malware and attack examples. Modern infrastructure as code approaches and tools are also discussed as ways to automate consistent deployment of standard configurations. Managers must also be knowledgeable about software development processes, issues, and application vulnerabilities. Coverage includes an overview of the secure SDLC, OWASP Top Ten, and leading-edge development processes built on DevOps. Managers must also understand physical security controls that, when not implemented appropriately, can cause technical security controls to fail or be bypassed. All of these issues and corresponding vulnerabilities must be appropriately managed. This leads to a discussion on building a vulnerability management program and the associated process for successfully finding and fixing vulnerabilities.

CPE/CMU Credits: 6

Topics

  • Host Security
    • Endpoint Security
    • Server Security
    • Malware and Attack Examples
    • Infrastructure as Code
  • Application Security
    • Secure SDLC
    • OWASP Top Ten
    • Secure DevOps
  • Physical Security
    • Issues and Controls
  • Vulnerability Management
    • PIACT Process
    • Vulnerability Overview
    • Finding and Fixing Vulnerabilities
    • Communicating and Managing Vulnerabilities

 

MGT512.4: Leading Modern Security Initiatives

Overview

Day 4 covers what managers need to know about leading modern security initiatives. Security awareness is a huge component of any security program that is focused on driving activities that lead to changes in human behavior and creating a more risk-aware and security-aware culture. For any project or initiative, security leaders must also be able to drive effective project execution. Having a well-grounded understanding of the project management process makes it easier to move these projects forward. The cloud is a major initiative that many organizations are either tackling now or planning to undertake. To get ready for these initiatives, an overview of Amazon Web Services (AWS) is provided to serve as a reference, along with a discussion of key cloud security issues based on the Cloud Security Alliance guidance. The cloud, the rise of mobile devices, and other factors are highlighting weaknesses in traditional, perimeter-oriented security architectures. This leads to a discussion of the Zero Trust Model. To execute such new initiatives, security leaders must also develop negotiation skills and the ability to manage highly technical team members.

CPE/CMU Credits: 6

Topics

  • Security Awareness
    • Maturity Model
    • Human Risks
  • Project Management
    • Projects, Programs, Portfolios
    • Project Management Process
  • Cloud Security
    • Cloud Security Alliance (CSA) Guidance
    • Amazon Web Services (AWS) Overview
    • Moving to the Cloud
  • Modern Security Architecture
    • Zero Trust Model
    • User, Device, and Application Authentication and Access
  • Management Methods
    • Negotiations Primer
    • Managing Technical People

 

MGT512.5: Detecting and Responding to Attacks

Overview

Day 5 is focused on detection and response capabilities. This includes gaining appropriate visibility via logging, monitoring, and thinking strategically about a security information and event management (SIEM) system. These logs are a core component of any Security Operations Center (SOC). The key functions of a SOC are discussed along with how to design, build, operate, and mature security operations for your organization. The incident response process is discussed in relation to identifying, containing, eradicating, and recovering from security incidents. This leads into a discussion of longer-term disaster recovery and business continuity planning. Finally, the course ends with a war game that simulates an actual incident. This tabletop simulation contains a number of injects or points at which students are presented with additional information to which they can respond. After dealing with the incident itself, the simulation concludes with a game focused on choosing appropriate security controls to mitigate future incidents.

CPE/CMU Credits: 6

Topics

  • Logging and Monitoring
    • SIEM Goals
  • Security Operations Center (SOC)
    • SOC Essential Functions
    • Design, Build, Operate, and Mature
    • Governance Structure
    • Technical Components
  • Incident Response
    • PICERL Process
    • Staffing Considerations
  • Contingency Planning
    • Disaster Recovery
    • Business Continuity Planning
  • War Game
    • Tabletop Simulation

 

Who Should Attend

  • Security Managers
    • Newly appointed information security officers
    • Recently promoted security leaders who want to build a security foundation for leading and building teams
  • Security Professionals
    • Technically skilled security administrators who have recently been given leadership responsibilities
  • Managers
    • Managers who want to understand what technical people are telling them
    • Managers who need an understanding of security from a management perspective

 

Prerequisites

This course covers the core areas of security leadership and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field with no background knowledge, the recommended starting point is the SEC301: Intro to Information Security course. While SEC301 is not a prerequisite, it will provide the introductory knowledge that will help maximize the experience with MGT512.

 

What You Will Receive

  • Student books containing the entire course content
  • MP3 audio files of the complete course lecture
