Featuring 8 Papers as of March 27, 2014
Framework for building a Comprehensive Enterprise Security Patch Management Program
by Michael Hoehl - January 2, 2014
The concept of a patch is pretty straight forward and broadly understood. In business terms, patching is a form of quality control and defect repair.
Using the Center for Internet Security (CIS) Benchmarks to Support an Information Security Management System
by Robert J. Mavretich - January 25, 2013
Humans are quite a fickle bunch. We learn our daily tasks and responsibilities in varying ways and pass on that knowledge in an increasingly different world than the one we learned it in.
Security Controls in Service Management
by Katherine Warren - December 20, 2010
The Information Technology Infrastructure Library (ITIL) v3 Core describes best practices for all aspects of the service management lifecycle. The ITIL Core consists of five publications, each providing guidance on a specific phase in the service management lifecycle.
Humans... The Overlooked Asset
by Muhammad EL-Harmeel - January 7, 2010
Security Whitepaper: How humans are an important part of the Information System. Humans provide a huge source of both vulnerability and protection.
by Brad Ruppert - January 24, 2008
This paper discusses the steps required to implement a successful security patchmanagement solution which can be used to help protect the enterprise. Patch management is about mitigating risk to the confidentiality of your data and the integrity of your systems. Patch management can be the most effective tool used to protect against vulnerabilities and the least expensive to maintain if implemented effectively. The goal of this paper is to describe how to establish a routine patch-management procedure and to make it a part of standard operations.
Warren Inc. Contact Centre Information Security Management System
by Katherine Warren - November 8, 2007
Warren Inc. is a fictional company that focuses on providing customers with productivity tools and solutions. The Warren Inc. head office is located in Toronto, with satellite offices in Montreal, Calgary and Vancouver. Warren Inc. currently generates $10 Billion yearly in gross revenue and has a customer base of three million subscribers. Eighty percent of Warren Inc. revenue is generated through the Contact Centre. Warren Inc. has recently implemented a commercial Contact Centre solution to provide sales, technical support and general inquiry services to our customers. The Contact Centre uses fictional contact centre software, ContactALL from vendor Fantastic Software Inc. Availability of the Contact Centre is critical to the business operations of Warren Inc.
Information Security Management System (7799) for an Internet Gateway
by Amarottam Shrestha - August 25, 2004
The Internet presence is an important aspect most businesses these days. An Internet gateway provides network security for businesses from the Internet. It is important that the Internet gateway is designed, implemented and operated in a secure manner.
Understanding HIPAA Security Implications Of a Wireless LAN Subsystem Using the ISO/IEC 17799 ISMS Standard
by Frederick Hawkes - July 25, 2004
This paper describes the initial development of an Information Security Management System (ISMS) that will address possible regulatory issues of using Wireless LANs in an assisted living / extended care facility (EcFac1).
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.