Featuring 29 Papers as of September 9, 2014
Surfing the Web Anonymously - The Good and Evil of the Anonymizer
by Peter Chow - October 8, 2012
Companies of all sizes spend large amounts of time, resources, and money to ensure that their network resources and Internet connections are not being misused.
Risk Assessment of Social Media
by Robert Shullich - May 16, 2012
According to a September 2011 survey, 63% of respondents indicated that "employee use of social media puts their organization's security at risk" while 29% "say they have the necessary security controls in place to mitigate or reduce the risk" (Ponemon Institute, 2011).
Diskless Cluster Computing: Security Benefit of oneSIS and Git
by Aron Warren - April 16, 2012
This paper introduces the joining of two software packages, oneSIS and Git. Each package by itself is meant to tackle only a certain class of problem.
Which Disney© Princess are YOU?
by Joshua Brower - March 18, 2010
Social engineering takes many forms; some obvious, some not so obvious. One not so obvious form is that of questionnaires, be it a knock on the door to answer a survey for a census worker, or a harmless quiz found on a social networking site. Depending upon their content, they can serve as a very powerful means of capturing and correlating information for nefarious purposes.
Document Metadata, the Silent Killer...
by Larry Pesce - December 3, 2008
This paper will illustrate ways in which metadata stored in common types of documents can reveal secrets about an organization and how they can benefit an attacker.
Phishing and Pharming - The Evil Twins
by Tushar Srivastava - February 14, 2007
This paper discusses the ways and means of defending the integrity of online business by foiling such attempts using a three pronged approach: education and awareness, technology, and law enforcement.
Identity Theft: Imitation Is Not The Sincerest Form Of Flattery
by Reg Washington - May 17, 2005
The purpose of this paper is to completely define the threat of identity theft. The paper will outline the following: how identity theft occurs, tips to avoid becoming a victim, and ways to recognize if you've been victimized.
Hidden Data in Electronic Documents
by Deborah Kernan - August 25, 2004
Document authors may be unaware that their documents contain hidden data and that there is the potential for the inadvertent release of sensitive information when sharing these documents with others.
Conflicting Identities: The Digital Government Dilemma
by Kevin Iwersen - July 25, 2004
Over the past several years, government organizations have rapidly technologies to improve service delivery to their citizens.
Surviving The Camera Phone Phenomenon
by Russell Robinson - May 2, 2004
The principal aim of this paper is to present the security practitioner with a compelling argument in favor of the immediate planning and implementation of appropriate security measures to protect against the threat of camera phones.
IT Security: Legal Issues in Australia
by Catherine Edis - May 2, 2004
There are a number of legal issues specific to Australia that could potentially impact an organisation's IT security program and practices.
Responsibilities of Management, Information Technology Personnel and the Consumer.
by Philippa Lawton - March 25, 2004
Companies are moving toward becoming "paperless" and our personal and private information lies somewhere between the office walls and the Cat5 cabling in a form that many average people do not understand: servers, databases, directories, files, clusters, and sectors.
Case Study: One Company's Response to the California Identity Theft Law
by Gordon Bass - November 19, 2003
The California identity theft law, SB 1386, went into effect July 1, 2003, soon after several cases of identity theft were perpetrated by individuals who had stolen our clients' confidential data, setting the stage for risk mitigation and remediation efforts by our company, outlined in this paper.
Silicon Graphics IRIX Sanitization Overwrite Procedures
by Michael Davis - May 8, 2003
This document references a United States Department of Defense three-pass overwrite standard and then describes procedures that are used to overwrite media according to that standard using the Silicon Graphics Incorporated IRIX operating system "FX" utility.
Gramm-Leach-Bliley Act Title V Complexities and Compliancy for the Community Banking Sector
by Joseph Seaman - December 23, 2002
This report will focus on the requirements that are mandated in the legislation as well as the interpretation by federal regulatory agencies such as the FDIC and OCC.
Act Now! An Introduction To Canada's PIPED Act and its Affect on Organizations and IT Departments
by Kevin Egan - October 4, 2002
This paper has been written to cast some light on this important piece of legislation and the inherent responsibilities it imposes on organizations and IT departments.
Personal Proxy - Online Privacy Protection for Home Users
by Tony Yao - September 10, 2002
This paper describes certain online information collection methods and related privacy issues and introduces several personal proxy tools, particularly WebWasher in detail, to secure home users' online privacy.
Deleting Sensitive Information: Why Hitting Delete Isn't Enough
by Hans Zetterstrom - March 23, 2002
This article intends to show that the deletion of files cannot be left to the delete key if those files are supposed to be disposed of securely.
Using Security To Protect The Privacy of Customer Information
by Alan Pacocha - February 21, 2002
A Survey of Recent Threats to Privacy Rights
by Richard Gutter - January 23, 2002
In this paper we will restrict ourselves to comments on governmental attempts to abridge or deny this specific right through two related techniques: the interception of internet communications and the legal restrictions placed on encryption.
Spyware - Identification and Defense
by Lewis Edge - December 14, 2001
This paper addresses the topic of spyware.
Canadian Civil Liberties vs. Public Security: Post Crisis, Have the Terrorists Won?
by Trevor Textor - November 15, 2001
The Personal Information Protection and Electronic Documents Act represents a good example of an act that upholds citizens' right to privacy. This is legislation created to protect the citizens.
Information Privacy Topics, A Discussion
by Jennifer Celender - October 4, 2001
This paper will discuss current laws over electronic data and emails in the workplace, and associated rights of both the employer and employee.
Losing Yourself: Identity Theft in the Digital Age
by Greg Surber - September 20, 2001
This paper provides a discussion on the expansion of a crime that feeds on the inability of consumers to control who has access to sensitive information and how it is safeguarded: identity theft.
Comparison of Three Online Privacy Seal Programs
by Brian Markert - August 8, 2001
The purpose of this paper is to provide evidence as to why companies should be concerned with consumer privacy and to compare three organizations' third-party assurance privacy certification programs: TRUSTe, BBBOnLine and WebTrust.
Identity Theft Made Easy
by Roy Reyes - July 25, 2001
This paper discusses identity theft, made easy and "impersonal" with the use of the Internet and the development of shareware tools.
Are You Being Watched?
by Lorna Hutcheson - July 20, 2001
The purpose of this paper is to make you aware that while you are sitting at home and quietly surfing the Internet, you really should be worried about who is watching.
The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security
by Thomas Hinkel - June 5, 2001
This paper discusses the G-L-B act, specifically looking at Title V, section 501 titled "Protection of nonpublic personal information" which mandates financial institutions implement "administrative, technical and physical safeguards" for customer records and information.
An Introduction to TEMPEST
by Cassi Goodman - April 18, 2001
National Communications Security Committee Directive 4 sets U.S. TEMPEST standards.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.