SANS.edu Open for Business

Thanks to the latest SANS NewsBites, I learned that the SANS (TM) Institute (popularly called "SANS") has announced the opening of the SANS Technology Institute, a true .edu. SANS.edu will offer two masters of information science degrees, in (1) security management and (2) security engineering. The majority of each program involves attending SANS tracks, like SEC 504: Hacker Techniques, Exploits, and Incident Handling or MGT 524: Security Policy and Awareness.

Government Computer News and Federal Computer Weekly provide additional details.

The Knowledge for Peace motto on the logo seems a little "crunchy" to me. Here is part of an explanation:

"Cyber violence in its multiple forms at all levels of the Internet is a major problem. One large ISP averages 1,000 DDOS attacks per day. Although arrests and prosecutions for worm writers and malicious employees who harm their current or former employers' IT systems have increased, the threat level has also increased. Organized crime has been rapidly moving into phishing, the fastest growing crime segment. The path we are on does not lead to peace or security in cyberspace.

The Latin word scientia, the root of our word for science, means knowledge, which is the only defense to the growing threat. If we do not know how to harden systems, manage change, design networks and ensure that software is developed securely, we remain vulnerable to Internet predators."

I do not buy the concept of "cyber violence" in the context of attacks by intruders. (Cyber violence is a term usually reserved for attacks against children facilitated by Internet access.) I also do not agree that "knowledge... is the only defense to the growing threat." The best defense is a strong offense. That means hunting down and prosecuting threats. No amount of defense can sufficiently protect any moderately complex enterprise against determined intruders.

Does anyone plan to pursue either of the two SANS.edu degrees?