SANS Information Security Reading Room
http://www.sans.org/reading-room/

Last 25 Computer Security Papers added to the Reading Room

Building a World-Class Security Operations Center: A Roadmap
https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations-center-roadmap-35907
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Wed, 15 Apr 2015 00:00:00 +0000

Analyzing a Backdoor/Bot for the MIPS Platform
https://www.sans.org/reading-room/whitepapers/malicious/analyzing-backdoor-bot-mips-platform-35902
Malware functionalities have been evolving, and so are their target platforms and architectures.
Mon, 13 Apr 2015 00:00:00 +0000

XtremeRAT - When Unicode Breaks
https://www.sans.org/reading-room/whitepapers/malicious/xtremerat-unicode-breaks-35897
XtremeRAT is a commonly abused remote administration tool that is prevalent in the Middle East; prevalent to the degree that it is not uncommon to find at least one active RAT in a network on any given incident response engagement.
Thu, 09 Apr 2015 00:00:00 +0000

Insider Threats and the Need for Fast and Directed Response
https://www.sans.org/reading-room/whitepapers/threats/insider-threats-fast-directed-response-35892
This paper discusses the results of the 2015 SANS Insider Threat Survey. Written by Dr. Eric Cole, it examines the operational challenges of defending against malicious or negligent insiders and reviews the financial impact of insider attacks.
Thu, 09 Apr 2015 00:00:00 +0000

The What, Where and How of Protecting Healthcare Data
https://www.sans.org/reading-room/whitepapers/hipaa/what-protecting-healthcare-data-35887
Mitigating healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.
Mon, 06 Apr 2015 00:00:00 +0000

Defense-in-Policy begets Defense-in-Depth
https://www.sans.org/reading-room/whitepapers/leadership/defense-in-policy-begets-defense-in-depth-35882
Defense-in-depth is a commonly cited "best practices" strategy for achieving "Information Assurance".
Fri, 03 Apr 2015 00:00:00 +0000

Denial of Service Deterrence
https://www.sans.org/reading-room/whitepapers/basics/denial-service-deterrence-35877
Denial of service attacks have been around since 1989 and may have been incorporated even before that time.
Wed, 01 Apr 2015 00:00:00 +0000

Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud
https://www.sans.org/reading-room/whitepapers/cloud/proposal-standard-cloud-computing-security-slas-key-metrics-safeguarding-confidential-dat-35872
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Wed, 01 Apr 2015 00:00:00 +0000

Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6
https://www.sans.org/reading-room/whitepapers/analyst/improving-effectiveness-log-analysis-hp-arcsight-logger-6-35867
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
Wed, 01 Apr 2015 00:00:00 +0000

Practical El Jefe
https://www.sans.org/reading-room/whitepapers/bestprac/practical-el-jefe-35862
"El Jefe is a free situational awareness tool that can drastically reduce the costs for securing your enterprise by making locating and responding to advanced threats incredibly easy." (Immunity Inc., n.d.).
Tue, 31 Mar 2015 00:00:00 +0000

Creating an SOC
https://www.sans.org/reading-room/whitepapers/analyst/creating-soc-35857
Graphically explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Tue, 31 Mar 2015 00:00:00 +0000

Enabling Large-Scale Mobility with Security from the Ground Up
https://www.sans.org/reading-room/whitepapers/pda/enabling-large-scale-mobility-security-ground-35852
A SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's key takeaways and supplemental data.
Mon, 30 Mar 2015 00:00:00 +0000

Enabling Large-Scale Mobility with Security from the Ground Up
https://www.sans.org/reading-room/whitepapers/analyst/enabling-large-scale-mobility-security-ground-35847
A SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.
Mon, 30 Mar 2015 00:00:00 +0000

Correctly Implementing Forward Secrecy
https://www.sans.org/reading-room/whitepapers/bestprac/correctly-implementing-secrecy-35842
At the heart of Forward Secrecy is the use of the Diffie-Hellman key exchange.
Mon, 30 Mar 2015 00:00:00 +0000

Using Sysmon to Enrich Security Onion's Host-Level Capabilities
https://www.sans.org/reading-room/whitepapers/forensics/sysmon-enrich-security-onion-039-s-host-level-capabilities-35837
In 2003, Gartner declared Intrusion Detection Systems a "market failure", primarily because of the high false positives and negatives and the significant amount of time and resources needed to monitor and validate alerts.
Fri, 27 Mar 2015 00:00:00 +0000

Finding Evil in the Whitelist
https://www.sans.org/reading-room/whitepapers/Whitelists/finding-evil-whitelist-35832
Traditional security controls, such as antivirus and intrusion detection systems, can be generally classified as blacklisting technologies.
Tue, 24 Mar 2015 00:00:00 +0000

Minimizing Damage From J.P. Morgan's Data Breach
https://www.sans.org/reading-room/whitepapers/casestudies/minimizing-damage-jp-morgan-039-s-data-breach-35822
How did a mega bank like J.P. Morgan get hacked? It all started in June 2014, when one of their employees' personal computers was infected with malware, which resulted in stolen login credentials (Sjouwerman, 2014).
Tue, 17 Mar 2015 00:00:00 +0000

Web Application Firewalls
https://www.sans.org/reading-room/whitepapers/webappsec/web-application-firewalls-35817
For years, attackers have assailed networks and exploited system-level vulnerabilities, fueling demand for products like firewalls and intrusion detection systems.
Mon, 16 Mar 2015 00:00:00 +0000

Data Breach Preparation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-preparation-35812
Home Depot experienced the second largest data breach on record ("Home Depot data breach affected 56M debit, credit cards", 2014). It started in April 2014, but Home Depot did not become aware of the problem until September 2, when law enforcement and some banks contacted them about signs of the compromise.
Mon, 16 Mar 2015 00:00:00 +0000

Powercat
https://www.sans.org/reading-room/whitepapers/testing/powercat-35807
Powercat started as a proof-of-concept tool that I initially developed.
Wed, 04 Mar 2015 00:00:00 +0000

Automation in the Incident Response Process: Creating an Effective Long-Term Plan
https://www.sans.org/reading-room/whitepapers/analyst/automation-incident-response-process-creating-effective-long-term-plan-35802
With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools.
Wed, 04 Mar 2015 00:00:00 +0000

Sleeping Your Way out of the Sandbox
https://www.sans.org/reading-room/whitepapers/malicious/sleeping-sandbox-35797
The term Advanced Persistent Threat is widely cited as originating in 2006 from the US Air Force, in reference to advanced cyber-attacks against specific targets (Fortinet, 2013, p2).
Tue, 03 Mar 2015 00:00:00 +0000

What Every Tech Startup Should Know About Security, Privacy, and Compliance
https://www.sans.org/reading-room/whitepapers/compliance/tech-startup-about-security-privacy-compliance-35792
Not everyone has what it takes to launch a successful tech startup. A compelling vision must propel the founder, fueled by unstoppable passion.
Wed, 25 Feb 2015 00:00:00 +0000

Windows Phone 8 Forensic Artifacts
https://www.sans.org/reading-room/whitepapers/forensics/windows-phone-8-forensic-artifacts-35787
Because of the fast pace of change in mobile device technologies and operating systems, there are times when a newer mobile device that is unsupported, or only partially supported, by commercial mobile forensic tools for data extraction and parsing must be examined in the course of a criminal investigation, with the end goal being the extraction of digital evidence for use in court.
Fri, 20 Feb 2015 00:00:00 +0000

Exercise - Not Just for Your Body Anymore
https://www.sans.org/reading-room/whitepapers/training/exercise-body-anymore-35782
Exercise programs have been publicized and encouraged for a long time as a way to keep your physical and mental abilities in shape.
Fri, 20 Feb 2015 00:00:00 +0000