Featuring 29 Papers as of October 8, 2012
Surfing the Web Anonymously - The Good and Evil of the Anonymizer
Peter Chow - October 8, 2012
Companies of all sizes spend large amounts of time, resources, and money to ensure that their network resources and Internet connections are not being misused.
Risk Assessment of Social Media
Robert Shullich - May 16, 2012
According to a September 2011 survey, 63% of respondents indicated "that employee use of social media puts their organization's security at risk" while 29% "say they have the necessary security controls in place to mitigate or reduce the risk" (Ponemon Institute, 2011).
Diskless Cluster Computing: Security Benefit of oneSIS and Git Masters
Aron Warren - April 16, 2012
This paper introduces the joining of two software packages, oneSIS and Git. Each package by itself is meant to tackle only a certain class of problem.
Which Disney© Princess are YOU?
Joshua Brower - March 18, 2010
Social engineering takes many forms: some obvious, some not so obvious. One not so obvious form is that of questionnaires, be it a knock on the door to answer a survey for a census worker, or a harmless quiz found on a social networking site. Depending upon their content, they can serve as a very powerful means of capturing and correlating information for nefarious purposes.
Document Metadata, the Silent Killer...
Larry Pesce - December 3, 2008
This paper will illustrate ways in which metadata stored in common types of documents can reveal secrets about an organization and how they can benefit an attacker.
Phishing and Pharming - The Evil Twins
Tushar Srivastava - February 14, 2007
This paper discusses the ways and means of defending the integrity of online business by foiling such attempts using a three pronged approach: education and awareness, technology, and law enforcement.
Identity Theft: Imitation Is Not The Sincerest Form Of Flattery
Reg Washington - May 17, 2005
The purpose of this paper is to completely define the threat of identity theft. The paper will outline the following: how identity theft occurs, tips to avoid becoming a victim, and ways to recognize if you've been victimized.
Hidden Data in Electronic Documents
Deborah Kernan - August 25, 2004
Document authors may be unaware that their documents contain hidden data and that there is the potential for the inadvertent release of sensitive information when sharing these documents with others.
Conflicting Identities: The Digital Government Dilemma
Kevin Iwersen - July 25, 2004
Over the past several years, government organizations have rapidly technologies to improve service delivery to their citizens.
Surviving The Camera Phone Phenomenon
Russell Robinson - May 2, 2004
The principal aim of this paper is to present the security practitioner with a compelling argument in favor of the immediate planning and implementation of appropriate security measures to protect against the threat of camera phones.
IT Security: Legal Issues in Australia
Catherine Edis - May 2, 2004
There are a number of legal issues specific to Australia that could potentially impact an organisation's IT security program and practices.
Responsibilities of Management, Information Technology Personnel and the Consumer.
Philippa Lawton - March 25, 2004
Companies are moving toward becoming "paperless" and our personal and private information lies somewhere between the office walls and the Cat5 cabling in a form that many average people do not understand: servers, databases, directories, files, clusters, and sectors.
Case Study: One Company's Response to the California Identity Theft Law
Gordon Bass - November 19, 2003
The California identity theft law, SB 1386, went into effect July 1, 2003, soon after several cases of identity theft were perpetrated by individuals who had stolen our clients' confidential data, setting the stage for risk mitigation and remediation efforts by our company, outlined in this paper.
Gramm-Leach-Bliley Act Title V Complexities and Compliancy for the Community Banking Sector
Joseph Seaman - October 31, 2003
This report will focus on the requirements that are mandated in the legislation as well as the interpretation by federal regulatory agencies such as the FDIC and OCC.
The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security
Thomas Hinkel - October 31, 2003
This paper discusses the G-L-B act, specifically looking at Title V, section 501 titled "Protection of nonpublic personal information" which mandates financial institutions implement "administrative, technical and physical safeguards" for customer records and information.
Are You Being Watched?
Lorna Hutcheson - October 31, 2003
The purpose of this paper is to make you aware that while you are sitting at home and quietly surfing the Internet, you really should be worried about who is watching.
Identity Theft Made Easy
Roy Reyes - October 31, 2003
This paper discusses identity theft, made easy and "impersonal" with the use of the Internet and the development of shareware tools.
Comparison of Three Online Privacy Seal Programs
Brian Markert - October 31, 2003
The purpose of this paper is to provide evidence as to why companies should be concerned with consumer privacy and to compare three organizations' third-party assurance privacy certification programs: TRUSTe, BBBOnLine and WebTrust.
Losing Yourself: Identity Theft in the Digital Age
Greg Surber - October 31, 2003
This paper provides a discussion on the expansion of a crime that feeds on the inability of consumers to control who has access to sensitive information and how it is safeguarded: identity theft.
Information Privacy Topics, A Discussion
Jennifer Celender - October 31, 2003
This paper will discuss current laws over electronic data and emails in the workplace, and associated rights of both the employer and employee.
Spyware - Identification and Defense
Lewis Edge - October 31, 2003
This paper addresses the topic of spyware.
A Survey of Recent Threats to Privacy Rights
Richard Gutter - October 31, 2003
In this paper we will restrict ourselves to comments on governmental attempts to abridge or deny this specific right through two related techniques: the interception of internet communications and the legal restrictions placed on encryption.
Using Security To Protect The Privacy of Customer Information
Alan Pacocha - October 31, 2003
Deleting Sensitive Information: Why Hitting Delete Isn't Enough
Hans Zetterstrom - October 31, 2003
This article intends to show that the deletion of files cannot be left to the delete key if those files are supposed to be disposed of securely.
Personal Proxy - Online Privacy Protection for Home Users
Tony Yao - October 31, 2003
This paper describes certain online information collection methods and related privacy issues and introduces several personal proxy tools, particularly WebWasher in detail, to secure home users' online privacy.
Silicon Graphics IRIX Sanitization Overwrite Procedures
Michael Davis - October 31, 2003
This document references a United States Department of Defense three-pass overwrite standard and then describes procedures that are used to overwrite media according to that standard using the Silicon Graphics Incorporated IRIX operating system "FX" utility.
Act Now! An Introduction To Canada's PIPED Act and its Affect on Organizations and IT Departments
Kevin Egan - October 4, 2002
This paper has been written to cast some light on this important piece of legislation and the inherent responsibilities it imposes on organizations and IT departments.
Canadian Civil Liberties vs. Public Security: Post Crisis, Have the Terrorists Won?
Trevor Textor - November 15, 2001
The Personal Information Protection and Electronic Documents Act represents a good example of an act that upholds citizens' right to privacy. This is legislation created to protect the citizens.
An Introduction to TEMPEST
Cassi Goodman - April 18, 2001
National Communications Security Committee Directive 4 sets U.S. TEMPEST standards.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.