Announcements

• 2009-02-23 -- Consensus Audit Guidelines: Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance
• 2008-11-25 -- Top25 Most Dangerous Programming Errors: Giving CIOs a Way to Measure the Security of the Software They Buy and Build
• 2008-10-29 -- 2008 Cyber Defense Initiative - SANS SCORE Macintosh OS X Leopard Security Checklist
• 2008-05-20 -- SANS Announces $1 Million Grant to Aid Developing Countries
• 2008-05-13 -- Education Leaders Unite: K.U.Leuven DistriNet and SANS to cooperate on security education
• 2008-03-26 -- GIAC Announces New Certification for Penetration Testing
• 2008-01-30 -- Computer Security Management Training Is Now NIST SP800 Compliant
• 2008-01-14 -- Top Ten Cyber Security Menaces for 2008
• 2007-12-17 -- Global Information Assurance Certification (GIAC) Announces ANSI/ISO/IEC 17024 Accreditation
• 2007-12-13 -- New Courses at CDI 2007
• 2007-12-03 -- GIAC Board of Directors votes to discount multiple recertifications in a single year
• 2007-11-27 -- SANS Announces the Top 20 Internet Security Risks for 2007
• 2007-11-20 -- New Minimum Standard Announced for Software Development Security
• 2007-10-30 -- Access 2 Networks hosting an Open House/Vendor Expo with The SANS Institute
• 2007-10-25 -- SANS Announces the acceptance and posting of the second of the 2007 initiatives: Service Oriented Architecture

SANS in the News

• Certification Magazine: GIAC: The Hands-On IT Security Certification
• Hackers Have Attacked Foreign Utilities (WashingtonPost.com)
• Infosecurity Europe 2008 - It's all about trust
• Intellitactics Sponsors SANS What Works: in Security Information and Event Management (SIEM)
• Lockheed Martin Promotes Secure Coding Best Practices with SANS Institute Partnership
• LogLogic and SANS Announce Fourth Annual Log Management Market Report
• One in three websites are infected, Sans Institute reveals
• SANS report shows security logs no longer "geek toys"
• SearchSecurity.com guide to information security certifications
• Security Sentry: Comprehensive Interview with Johannes Ullrich
• The Cost Of Privacy
• Training Vital to Network Defense
• U.S., British officials target Chinese as source of cyberattacks
• Bush pumps money into porous cyberdefenses
• Certifications for Secure Coding
• Cyber Wars on GovernmentExecutive.com
• Cyberspies Target Silent Victims
• Shadow IT
• Top Tech News - Evaluating Network-Security Consultants
• Washington Post - Programs In Peril
• FCW.com Sites Help Keep Feds Informed about Cybersecurity
• Intel issues patches for wireless vulnerabilities
• Microsoft Puts Out Fix for Explorer Flaw
• Paller: Government Cybersecurity Gets An F
• SC Magazine - Leaders of the industry pack
• Warning: Your Wi-Fi Is Vulnerable to Attack
• Business Week Online - Norton Gets A Bit Less Secure
• China's Cyber Attacks Signal New Battlefield Is Online
• CNN.com - Google says MyDoom virus caused problems
• Computerworld - Researchers: Popular apps have mismanaged security
• Metafore hosts virtualization security training course
• MSNBC - Cyber criminals gather on forgotten Web sites
• MSNBC - New Sober worm expected to hit Jan. 5
• MSNBC - Online criminals shift focus of attack
• Network World, 08/22/05 - Windows worms, flaws plague users (Audio)
• Red Herring - Feds Want Better Net Security

Need news? We can help! The SANS Institute is the most trusted and by far the largest cooperative research and education organization for information security training, certification, and research. Just drop us a note asking what is new and exciting in information security and we will hook you up with an expert. Our press room is designed to assist the media in providing opportunities for interviews through the following sources:

SANS Faculty Members

Our faculty has written over 50 books alone on such topics as hacker techniques, forensics, intrusion detection, firewalls, auditing, etc..

Internet Storm Center

An all volunteer early warning internet global monitoring organization. When a potential threat is detected, the team immediately begins an intensive investigation to gauge the threat's severity and impact.

SANS WhatWorks^tm

Provides security buying trends, tools, services, and technology to help organizations avoid costly mistakes and pitfalls.

SANS also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security. These resources are available for reproduction with prior permission of the SANS Institute.

Please note that press invitations and interviews with the SANS faculty are for print, television, radio, and web only. SANS monitors the Press Room on Monday - Friday only.

Partners

SANS Faculty Photos & Bios for Articles

Alan Paller

Alan is the director of research for the SANS Institute, responsible for projects ranging from the Internet Storm Center (the Internet's early warning system with 500,00 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-a-week summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping others learn about the people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

In 2001 the President named Alan as one of the original members of the National Infrastructure Advisory Council, and in 2005 the Federal CIO Council chose him as its Azimuth Award winner recognizing his singular vision and outstanding service to federal information technology.

Stephen Northcutt

Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.

Stephen is one of the most prolific authors at SANS, books include: Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He manages two blogs, the Leadership Laboratory and the Security Laboratory.

He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification and currently serves as CEO of the SANS Institute.

Johannes Ullrich

As Chief Research Officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC.

His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist.

Johannes holds a Ph.D. in Physics from SUNY Albany and is located in Jacksonville FL.