According to their 'about us' page, FORESEC "is a Computer Security and Forensic Training Certification Body that provides state- of-the-art service through a mixed team of local and foreign professionals with the mission of delivering unparalleled certification and support to International markets. They go on to say they deal mainly with "Military and Defense related companies" in "Asia, Europe and [the] American region". In January of 2007, FORESEC and FORESEC ACADEMY merged "into the fully incorporated Training and Security Development arm for many government agencies in Europe and Asia." The executive management team consists of Anthony Schneider and Nigel Webb, who report to the unnamed Managing Director, who is accountable to the unnamed Board of Directors. Along with their own marketing staff, presumably, DoMore out of Australia as well as YES Management & Technology Training Centre are resellers of the FORESEC training catalog.
This certainly sounds impressive, given the perceived audience they enjoy. The unnamed managing director and board add an air of mystery to the organization to be sure. What isn't a mystery, is where they came up with their entire security training program; blatantly stolen from SANS.
The following table details the FORESEC training classes dealing with security that were taken from other sources, making up nearly 100% of the material we reviewed. In the table below, FID means FORESEC Course ID and SID means SANS Course ID. There is one exception; for a single class, FORESEC took the material from a Foundstone class, not SANS. Note: We did not review the actual course material, just the synopsis and outlines offered via the FORESEC web page. While this is not definitive, we are fairly confident that a company that creates its own training courses would not plagiarize the synopsis and outlines from a competing company. Information is included to distinguish not only plagiarized material, but also what was done in an attempt to obscure the original source (e.g., altering text). This shows willful infringement of copyright and inexcusable plagiarism.
|FID||SID||FORESEC Class||SANS Class||Notes|
|FC701||SEC501||INFOSEC-Enterprise LOCKDOWN||Advanced Security Essentials - Enterprise Defender||Changed SANS' "Security 501 is a follow up to SEC401: SANS Security Essentials" to "FC701 is a follow up to FC801: FORESEC Security Essentials".|
|FC702||SEC502||INFOSEC-Core Level Perimeter Protection||Perimeter Protection In-Depth||Changed SANS' "most diverse course in the SANS catalog" to "most diverse course in the FORESEC catalog".|
|FC704||SEC504||Black OPS Hacking Techniques & Incident Response||Hacker Techniques, Exploits & Incident Handling||--|
|FC801||SEC401||Information Security Essentials||SANS Security Essentials Bootcamp Style||Changed SANS' "learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification" to "learning the full FORESEC Security Essentials curriculum needed to qualify for the FISE certification"|
"key promises FORESEC makes to our students" to "key promises SANS makes to our students"
"great teaching sets FORESEC courses apart, and FORESEC ensures this by choosing instructors" to "great teaching sets SANS courses apart, and SANS ensures this by choosing instructors".
|FC803||SEC503||Intrusion Detection Advanced Analysis||Intrusion Detection In-Depth||--|
|FC804||SEC542||Black OPS - Attacking Web Application||Web App Penetration Testing and Ethical Hacking: The Attacker's View of the Web||--|
|FC805||SEC560||Black OPS - Network Penetration||Network Penetration Testing and Ethical Hacking||--|
|FC806||SEC617||Black OPS - WIFI Attacks||Wireless Ethical Hacking, Penetration Testing, and Defenses||--|
|FC821||SEC408||Foundation of Computer Forensics||Digital Forensic Fundamentals||--|
|FC881||SEC509||Hardening Oracle||Securing Oracle||Changed SANS' "It is not uncommon for the SANS Internet Storm Center to see hundreds of thousands of hack attempts against Oracle databases each month." to "It is not uncommon for the FORESEC Internet Defense Center to see hundreds of thousands of hack attempts against Oracle databases each month."|
|FC901||SEC505||Locking Down Windows||Securing Windows||--|
|FC908||n/a||Exploit Development for Tiger Team & Researchers||Foundstone Ultimate Hacking||Changed Foundstone's "The core of the course is the Foundstone Professional Services proven Penetration Testing Methodology, and as always, the course is taught exclusively by Foundstone Consultants who bring real-world penetration testing experience to the classroom." to "The core of the course is the FORESEC Professional Services proven Penetration Testing Methodology, and as always, the course is taught exclusively by FORESEC Consultants who bring real-world penetration testing experience to the classroom."|