ニュースレター登録
資料ダウンロード
お問い合わせ

SANS Course SANSコース一覧

DOWNLOAD
  • スキル別ロードマップ
  • 専門領域別ロードマップ

SANSが提供する包括的なコースカリキュラムは、セキュリティの各分野で実践的な技術スキルを習得することができます。
また、ソフトウェア開発者やICSエンジニア、経営層や法務担当者、監査人などの方々を対象としたコースもラインナップしています。

1.基礎となるスキル

New to Cyber Security

Concepts, Terms, & Skills

Cyber Security Fundamentals

SEC 301

Introduction to Cyber Security | GISF

?

Core Techniques

Prevent, Defend, Maintain

実践的なサイバーセキュリティ業務を担当する皆さんは、攻撃の仕組みを理解し、多層防御の考え方に基づいてシステムを保護し、インシデントが発生した場合にそのインシデントを管理できるようにする共通のスキルセットを保有するようにトレーニングする必要があります。セキュリティを確保するには、セキュリティ業務を担当する組織のスキルのベースラインを高い水準を設定する必要があります。

Core Techniques

Prevent, Defend, Maintain

Security Essentials

SEC 401

Security Essentials Bootcamp Style | GSEC

Hacker Techniques

SEC 504

Hacker Tools, Techniques, Exploits,and Incident Handling | GCIH

?

Security Management

Managing Technical Security Operations

多様化するセキュリティ業務プロセスとセキュリティチームを適切に管理するリーダーが必要です。それらを管理するマネージャは、必ずしもテクニカルな作業を行うわけではありませんが、セキュリティ戦略の策定や適切なポリシーの開発、熟練した技術者とのやり取り、成果の測定などを行う上でその基盤となるテクノロジーとフレームワークについて十分に知 っている必要があります。

Security Management

Managing Technical Security Operations

Leadership Essentials

MGT 512

Security Leadership Essentials for Managers | GSLC

Critical Controls

SEC 566

Implementing and Auditing the Critical Security Controls – In-Depth | GCCC

2.職種に特化したスキル
?

Monitoring & Detection

Intrusion Detection, Monitoring Over Time

自組織の環境で発生していることを検知するには、高度なスキルと能力のセットが必要です。セキュリティの異常を特定するには、監視ツールを展開して検知し、その出力を分析・解釈するためのスキルを深める必要があります。

Monitoring & Detection

Intrusion Detection, Monitoring Over Time

Intrusion Detection

SEC 503

Intrusion Detection In-Depth | GCIA

Monitoring & Operations

SEC 511

Continuous Monitoring and Security Operations | GMON

?

Penetration Testing

Vulnerability Analysis, Ethical Hacking

弱点を見つけることができる専門家は、防御を構築することに専念している専門家とは異なるスキルセットが必要です。レッドチーム/ブルーチーム展開の基本原則は、脆弱性を見つけるには防御とは異なる考え方と異なるツールが必要で、それらは防衛の専門家が防御を改善するために不可欠であるということです。

Penetration Testing

Vulnerability Analysis, Ethical Hacking

Networks

SEC 560

Network Penetration Testing and Ethical Hacking | GPEN

Web Apps

SEC 542

Web App Penetration Testing and Ethical Hacking | GWAPT

Vulnerability Assessment

SEC 460

Enterprise Threat and Vulnerability Assessment | GEVA

?

Incident Response & Threat Hunting

Host & Network Forensics

ホストやネットワークシステムに関する証拠保全を行う場合や、同様の手法を使用してスレットハンティングを行う場合には、攻撃を詳細に分析し、適切な修復・復旧計画を策定・実行できる、インシデントハンドリングの初動対応の域をはるかに越えて活動できる特別なプロフェッショナルが必要です。

Incident Response & Threat Hunting

Host & Network Forensics

Endpoint Forensics

FOR 500

Windows Forensic Analysis | GCFE

FOR508

Advanced Incident Response, Threat Hunting, and Digital Forensics | GCFA

Network Forensics

FOR 572

Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | GNFA

CISSP® Training

MGT 414

SANS Training Program for CISSP® Certifi cation | GISP

3.専門性の高いスキル

Cyber Defense Operations

Harden Specific Defenses

Blue Team

SEC 450

Blue Team Fundamentals: Security Operations and Analysis

OSINT

SEC 487

Open-Source Intelligence (OSINT) Gathering and Analysis

Advanced Generalist

SEC 501

Advanced Security Essentials – Enterprise Defender | GCED

Cloud Security

SEC 545

Cloud Security Architecture and Operations

Windows/Powershell

SEC 505

Securing Windows and PowerShell Automation | GCWN

Linux/ Unix Defense

SEC 506

Securing Linux/Unix | GCUX

SIEM

SEC 555

SIEM with Tactical Analytics | GCDA

Security Architecture

SEC 530

Defensible Security Architecture and Engineering | GDSA

Adversary Emulation

SEC 599

Defeating Advanced Adversaries – Purple Team Tactics and Kill Chain Defenses | GDAT

Specialized Penetration Testing

Focused Techniques & Areas

Networks

SEC 660

Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | GXPN

SEC 760

Advanced Exploit Development for Penetration Testers

Web Apps

SEC 642

Advanced Web App Testing, Ethical Hacking, and Exploitation Techniques

Mobile

SEC 575

Mobile Device Security and Ethical Hacking | GMOB

Wireless

SEC 617

Wireless Penetration Testing and Ethical Hacking | GAWN

Python Coding

SEC 573

Automating Information Security with Python | GPYC

Digital Forensics, Malware Analysis, & Threat Intel

Specialized Investigative Skills

Malware Analysis

FOR 610

Reverse-Engineering Malware: Malware Analysis Tools and Techniques | GREM

Cyber Threat Intelligence

FOR 578

Cyber Threat Intelligence | GCTI

Battlefield Forensics & Data Acquisition

FOR 498

Battlefield Forensics & Data Acquisition

Smartphones

FOR 585

Smartphone Forensic Analysis In-Depth | GASF

Memory Forensics

FOR 526

Advanced Memory Forensics & Threat Detection

Mac Forensics

FOR 518

Mac and iOS Forensic Analysis and Incident Response

Industrial Controls

Essentials

ICS 410

ICS/SCADA Security Essentials | GICSP

ICS Defense & Response

ICS 515

ICS Active Defense and Incident Response | GRID

ICS Security In-Depth

ICS 612

ICS Cyber Security In-Depth

NERC Security Essentials

ICS 456

Essentials for NERC Critical Infrastructure Protection | GCIP

DevSecOps

Secure Web Apps

DEV 522

Defending Web Applications Security Essentials | GWEB

Secure DevOps

SEC 540

Cloud Security and DevOps Automation | GCSA

Advanced Management

Advanced Leadership, Audit, Legal

Planning, Policy, Leadership

MGT 514

Security Strategic Planning, Policy, and Leadership | GSTRT

Managing Vulnerabilities

MGT 516

Managing Security Vulnerabilities: Enterprise and Cloud

Project Management

MGT 525

IT Project Management, Eective Communication, and PMP® Exam Prep | GCPM

Audit & Monitor

AUD 507

Auditing & Monitoring Networks, Perimeters, and Systems | GSNA

Law & Investigations

LEG 523

Law of Data Security and Investigations | GLEG

?

Security Management

Managing Technical Security Operations

多様化するセキュリティ業務プロセスとセキュリティチームを適切に管理するリーダーが必要です。それらを管理するマネージャは、必ずしもテクニカルな作業を行うわけではありませんが、セキュリティ戦略の策定や適切なポリシーの開発、熟練した技術者とのやり取り、成果の測定などを行う上でその基盤となるテクノロジーとフレームワークについて十分に知 っている必要があります。

Security Management

Managing Technical Security Operations

Leadership Essentials

MGT 512

Security Leadership Essentials for Managers | GSLC

Critical Controls

SEC 566

Implementing and Auditing the Critical Security Controls – In-Depth | GCCC

CISSP® Training

MGT 414

SANS Training Program for CISSP® Certifi cation | GISP

Advanced Management

Advanced Leadership, Audit, Legal

Planning, Policy, Leadership

MGT 514

Security Strategic Planning, Policy, and Leadership | GSTRT

Managing Vulnerabilities

MGT 516

Managing Security Vulnerabilities: Enterprise and Cloud

Project Management

MGT 525

IT Project Management, Eective Communication, and PMP® Exam Prep | GCPM

Audit & Monitor

AUD 507

Auditing & Monitoring Networks, Perimeters, and Systems | GSNA

Law & Investigations

LEG 523

Law of Data Security and Investigations | GLEG

サイバーセキュリティ分野の代表的な業務や役割に対応するSANSトレーニングコースを整理しております。以下は、NICE CyberSecurity Workforce Framework(NIST SP 800-181)で定義されている役割と、SANSトレーニングをマッピングしたものです。SANSトレーニング受講の計画にお役立てください。

セキュアな開発・供給 Security Provision
セキュリティリスク管理 Risk Management
  • SEC301

    Introduction to Cyber Security

  • MGT415

    A Practical Introduction to Cyber Security Risk Management

  • MGT512

    SANS Security Leadership Essentials For Managers

  • SEC401

    Security Essentials Bootcamp Style

  • SEC566

    Implementing and Auditng the Critcal Security Controls - In-Depth

  • AUD507

    Auditng & Monitoring Networks, Perimeters & Systems

  • SEC460

    Enterprise Threat and Vulnerability Assessment

ソフトウエア開発 Risk Management
  • DEV522

    Defending Web Applications Security Essentials

  • SEC540

    Cloud Security and DevOps Automation

  • DEV522

    Defending Web Applications Security Essentials

  • SEC542

    Web App Penetration Testing and Ethical Hacking

  • SEC642

    Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

システムアーキテクチャ(システム構成) Systems Architecture
  • SEC530

    Defensible Security Architecture and Engineering

  • SEC540

    Cloud Security and DevOps Automation

  • SEC545

    Cloud Security Architecture and Operations

  • SEC511

    Continuous Monitoring and Security Operations

技術R&D Technology R&D
  • SEC540

    Cloud Security and DevOps Automation

  • DEV522

    Defending Web Applications Security Essentials

システム要件定義・計画 Systems Requirements Planning
  • MGT525

    IT Project Management, Effective Communication, and PMP® Exam Prep

システムテスト・評価 Test and Evaluation
  • SEC460

    Enterprise Threat and Vulnerability Assessor

  • SEC560

    Network Penetration Testing and Ethical Hacking

  • SEC542

    Web Application Penetration Testing and Ethical Hacking

  • AUD507

    Auditing and Monitoring Networks, Perimeters, & Systems

システム開発 Systems Development
  • DEV522

    Defending Web Applications Security Essentials

  • SEC542

    Web Application Penetration Testing and Ethical Hacking

  • SEC540

    Cloud Security and DevOps Automation

運用・保守 Operate and Maintain
データ管理 Data Administration
  • SEC401

    Security Essentials Bootcamp Style

ナレッジ管理 Knowledge Management
  • SEC301

    Introduction to Cyber Security

カスタマーサービス、技術サポート Customer Service and Technical Support
  • SEC401

    Security Essentials Bootcamp Style

  • SEC505

    Securing Windows and PowerShell Automation

  • SEC506

    Securing Linux/Unix

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

ネットワークサービス Network Services
  • SEC401

    Security Essentials Bootcamp Style

  • SEC501

    Advanced Security Essentials - Enterprise Defender

  • SEC555

    SIEM with Tac(cal Analy(cs

システム管理 Systems Administration
  • SEC401

    Security Essentials Bootcamp Style

  • SEC505

    Securing Windows and PowerShell Automation

  • SEC506

    Securing Linux/Unix

システム分析 Systems Analysis
  • SEC501

    Advanced Security Essentials - Enterprise Defender

  • AUD507

    Auditing and Monitoring Networks, Perimeters, & Systems

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

監督・統治 Oversee & Govern
法的助言や弁護 Legal Advice and Advocacy
  • LEG523

    Law of Data Security and Investigations

システム管理 System Administratior
  • SEC301

    Introduction to Cyber Security

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • MGT512

    SANS Security Leadership Essentials For Managers

  • ICS456

    Essentials for NERC Critical Infrastructure Protection

トレーニング、教育、啓蒙活動 Training, Education, and Awareness
  • SEC401

    Security Essentials Bootcamp Style

  • MGT433

    SANS Security Awareness: How to Build, Maintain, & Measure a Mature Awareness Program

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • SEC501

    Advanced Security Essentials - Enterprise Defender

サイバーセキュリティ管理 Cybersecurity Management
  • MGT512

    SANS Security Leadership Essentials For Managers

  • MGT514

    Strategic Planning, Policy, and Leadership

  • MGT521

    Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • SEC301

    Introduction to Cyber Security

戦略立案と方針 Strategic Planning and Policy
  • MGT512

    SANS Security Leadership Essentials For Managers

  • MGT514

    Strategic Planning, Policy, and Leadership

  • MGT521

    Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond

幹部によるサイバーリーダーシップ Executive Cyber Leadership
  • MGT512

    Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond

  • MGT514

    Strategic Planning, Policy, and Leadership

  • MGT521

    Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond

事業計画/プロジェクトの管理と調達 Program/Project Management and Acquisition
  • MGT512

    Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond

  • MGT514

    Strategic Planning, Policy, and Leadership

  • MGT521

    Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond

  • MGT525

    IT Project Management, Effective Communication, and PMP® Exam Prep

  • SEC401

    Security Essentials Bootcamp Style

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • AUD507

    Auditing and Monitoring Networks, Perimeters, & Systems

保護及び防衛 Protect & Defend
サイバー防衛分析 Cybersecurity Defense Analysis
  • SEC401

    Security Essentials Bootcamp Style

  • SEC501

    Advanced Security Essentials - Enterprise Defender

  • SEC503

    Intrusion Detection In-Depth

  • SEC511

    Continuous Monitoring and Security Operations

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

サイバー防衛インフラサポート Cybersecurity Defense Infrastructure Support
  • SEC401

    Security Essentials Bootcamp Style

  • SEC501

    Advanced Security Essentials - Enterprise Defender

インシデントレスポンス Incident Response
  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • FOR508

    Advanced Incident Response, Threat Hunting, and Digital Forensics

  • FOR572

    Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

脆弱性診断と管理 Vulnerability Assessment and Management
  • SEC460

    Enterprise Threat and Vulnerability Assessor

  • SEC542

    Web App Penetration Testing and Ethical Hacking

  • SEC560

    Network Penetration Testing and Ethical Hacking

  • SEC660

    Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

  • SEC642

    Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

  • SEC564

    Red Team Exercises and Adversary Emulation

  • SEC599

    Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defense

  • SEC699

    Purple Team Tactics – Adversary Emulation for Breach Prevention and Detection

  • SEC760

    Advanced Exploit Development for Penetration Testers

分析 Analyze
脅威分析 Threat Analysis
  • FOR578

    Cyber Threat Intelligence

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

攻撃分析 Exploitation Analysis
  • SEC542

    Web App Penetration Testing and Ethical Hacking

  • SEC560

    Network Penetration Testing and Ethical Hacking

  • SEC660

    Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

  • SEC760

    Advanced Exploit Development for Penetration Testers

全情報源分析 All-Source Analysis
  • FOR578

    Cyber Threat Intelligence

  • SEC487

    Open-Source Intelligence (OSINT) Gathering and Analysis

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • SEC560

    Network Penetration Testing and Ethical Hacking

標的 Targets
  • SEC542

    Web App Penetration Testing and Ethical Hacking

  • SEC560

    Network Penetration Testing and Ethical Hacking

  • SEC660

    Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

  • SEC760

    Advanced Exploit Development for Penetration Testers

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • SEC487

    Open-Source Intelligence (OSINT) Gathering and Analysis

  • FOR578

    Cyber Threat Intelligence

言語分析 Language Analysis
  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • SEC560

    Network Penetration Testing and Ethical Hacking

  • FOR578

    Cyber Threat Intelligence

  • SEC487

    Open-Source Intelligence (OSINT) Gathering and Analysis

収集及び運用 Collect & Operate
収集作戦行動 Collection Operations
  • FOR578

    Cyber Threat Intelligence

  • SEC487

    Open-Source Intelligence (OSINT) Gathering and Analysis

  • FOR508

    Advanced Incident Response, Threat Hunting, and Digital Forensics

サイバー作戦行動計画 Cyber Operational Planning
  • FOR578

    Cyber Threat Intelligence

  • SEC487

    Open-Source Intelligence (OSINT) Gathering and Analysis

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

  • SEC542

    Web App Penetration Testing and Ethical Hacking

  • SEC560

    Network Penetration Testing and Ethical Hacking

サイバー作戦行動 Cyber Operations
  • SEC542

    Web App Penetration Testing and Ethical Hacking

  • SEC560

    Network Penetration Testing and Ethical Hacking

  • FOR508

    Advanced Incident Response, Threat Hunting, and Digital Forensics

  • FOR572

    Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

調査 Investigate
サイバー捜査 Cyber Investigation
  • FOR500

    Windows Forensics Analysis

  • FOR508

    Advanced Incident Response, Threat Hunting, and Digital Forensics

  • FOR498

    BaGlefield Forensics & Data Acquisition

  • FOR572

    Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

デジタルフォレンジック  Digital Forensics
  • FOR500

    Windows Forensics Analysis

  • FOR508

    Advanced Incident Response, Threat Hunting, and Digital Forensics

  • FOR572

    Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

  • FOR610

    Reverse Engineering Malware – Malware Analysis Tools & Techniques

  • FOR573

    Automating Information Security with Python

  • SEC504

    Hacker Tools, Techniques, Exploits, and Incident Handling

産業用制御システム Industrial Control System
運用技術エンジニアリング Operations Technology Engineering
  • ICS410

    ICS/SCADA Security Essentials

  • ICS612

    ICS Cybersecurity In-Depth

  • ICS515

    ICS Active Defense and Incident Response

運用技術SOC OT Security Operations Center
  • ICS410

    ICS/SCADA Security Essentials

  • ICS515

    ICS Active Defense and Incident Response

NRIセキュアではNews BitesやOUCH! を日本語に翻訳して皆さまにお届けしています。
購読制を採っておりますので、
ご希望の方は、ニュースレター登録からお申し込みください。