UK: SANS Spring London 2016 will welcome a growing community of security auditors set to refresh their skills on the recently updated AUD507: Auditing & Monitoring Networks, Perimeters & Systems course, which is one of eight security training tracks in London in February.
According to course author and industry expert David Hoelzer, “One of the struggles that IT auditors face today is assisting management to understand the relationship between the technical controls and the risks to the business that these affect. This track is organised specifically to provide a risk driven method for tackling the enormous task of designing an enterprise security validation program.”
Hoelzer, a SANS Fellow instructor and author of more than twenty sections of SANS courseware, is an expert in a variety of information security fields and was recently called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. Over a 25-year career, Hoelzer has also written and contributed to more than 15 peer-reviewed books, publications, and journal articles on all manner of security topics, including extensive works on audit.
“In today's information security world, most enterprises are either already moving toward or seriously considering moving toward compliance with any number of a variety of security standards that represent best practice,” says Hoelzer. “One of the key topics covered in this material is an effective risk-based method for the specification or selection of controls. This skill set allows you to analyse an existing set of controls, a business process, an audit exception or a security incident, identifying any missing or ineffective controls. More importantly, perhaps, you will be able to easily identify what corrective actions will eliminate the problem in the future.”
As a SANS instructor, Hoelzer has trained security professionals from organisations including NSA and DHHS, as well as Fortune 500 security engineers and managers. In his view, “Auditors, Administrators and Security Managers alike walk away with a ‘To-Do’ list far longer than the one that they arrive with. The aim is to align your security operations and auditing with business operations in a way that delivers the biggest return on investment.”