Tuesday, December 13, 2005

SANS.edu Open for Business

Thanks to the latest SANS NewsBites, I learned that the SANS (TM) Institute (popularly called "SANS") has announced the opening of the SANS Technology Institute, a true .edu. SANS.edu will offer two masters of information science degrees, in (1) security management and (2) security engineering. The majority of each program involves attending SANS tracks, like SEC 504: Hacker Techniques, Exploits, and Incident Handling or MGT 524: Security Policy and Awareness.

Government Computer News and Federal Computer Weekly provide additional details.

The Knowledge for Peace motto on the logo seems a little "crunchy" to me. Here is part of an explanation:

"Cyber violence in its multiple forms at all levels of the Internet is a major problem. One large ISP averages 1,000 DDOS attacks per day. Although arrests and prosecutions for worm writers and malicious employees who harm their current or former employers' IT systems have increased, the threat level has also increased. Organized crime has been rapidly moving into phishing, the fastest growing crime segment. The path we are on does not lead to peace or security in cyberspace.

The Latin word scientia, the root of our word for science, means knowledge, which is the only defense to the growing threat. If we do not know how to harden systems, manage change, design networks and ensure that software is developed securely, we remain vulnerable to Internet predators."

I do not buy the concept of "cyber violence" in the context of attacks by intruders. (Cyber violence is a term usually reserved for attacks against children facilitated by Internet access.) I also do not agree that "knowledge... is the only defense to the growing threat." The best defense is a strong offense. That means hunting down and prosecuting threats. No amount of defense can sufficiently protect any moderately complex enterprise against determined intruders.

Does anyone plan to pursue either of the two SANS.edu degrees?

4 comments:

Anonymous said...

Although SANS has a fine reputation for certifcation related education, what 'accreditation' do they have to offer a Masters program? They don't even offer a Bachelor's track. Being a facility of Higher Learning is much different than offering certification programs! However, it seems that the majority of the Masters programs consist of SANS courses. I'd prefer seeking a Master's degree from a fully accredited university that also holds the NSA Center of Excellence rating; this holds more validity than the SANS Technology Institute. My two cents anyway.

Anonymous said...

This move seems financially driven to me. Although, SANS has always had an academic slant, the conferences used to be more about information exchange and real technical training. Over the past few years SANS has put more emphasis on the certification tracks which, I guess, become revenue generators. And now this program is designed to allow folks to go to the SANS conferences and take the cert tracks on the company dime because it is a "Graduate Program". All that said, the training is still some of the best, so why not do the overhead to get a grad degree?

Anonymous said...

The admission requirements seem high to me. I can't make the 3.0 GPA cut and I have a BA, not a BS. I spent most of college working in various campus IT groups-- help desk, networking, unix admin, etc, often at the sacrifice of time for school work. Now I have roughly 10 years as a security profession, with a book published and articles in several reputable tech journals. But I can't apply to SANS.edu.

red said...
This comment has been removed by a blog administrator.