
Reading Room

Managed Services

Featuring 12 Papers as of May 2, 2013

  • Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI) Jean-Franc Agneessens - May 2, 2013

    The Basic Input/Output System (BIOS) is the code that is the closest you can get to the underlying hardware.

  • Determining the Role of the IA/Security Engineer Brian Dutcher - October 14, 2010

    What is your view of the role performed by an IA/Security Engineer? Is it focused on securing the network perimeter through the operations of the firewall, virtual private networks (VPNs), intrusion detection system/intrusion prevention system (IDS/IPS), network access control (NAC), data loss prevention (DLP) and enterprise anti-virus solutions? Is it the network specialist responsible for the secure design of the local area network (LAN), virtual LAN (VLAN), wide area network (WAN) and all endpoints? Is it the systems designer or operator responsible for the security of all clients and servers? Is it a software developer specializing in developing and hardening custom applications? Is the IA/Security Engineer someone who is an expert in all these areas? Is the IA/Security Engineer a specialized single technology (i.e. Cisco) expert, or is the position technologically agnostic, working at a higher level where specific detailed technology is irrelevant in the bigger scheme of things?

  • Outsourced Information Technology Environment Audit Navaratnasingam Arunanthy - April 27, 2010

    Outsourcing was hyped in the mid-90s as one way to reduce IT cost, as well as to gain expertise for better business operations. Today some or many of the information technology activities in many organizations are outsourced. IT outsourcing occurs when an organization contracts a service provider to perform an IT function instead of performing the function itself. The service provider could be a third party or another division or subsidiary of a single corporate entity. Increasingly, organizations are looking offshore for the means to minimize IT service costs and related taxes (CICA, 2003). Outsourced environments are complex and highly integrated with organizations and operations. As complexity increases, managing relationships with service providers becomes challenging. A survey performed by the IT Governance Institute indicates that problems with outsourcers increased from 74 Compound Problem Index (CPI) in 2005 to 127 CPI in 2007. The CPI is the result of multiplying the outcomes from the several questions about the IT-related problems experienced by the 749 respondents (ITGI, 2008).

  • Identity and Access Management Solution Martine Linares - June 29, 2005

    Companies must be able to trust the identities of users requiring access and easily administer user identities in a cost-effective way.

  • A Security Guide For Acquiring Outsourced Service Bee Tiow - November 5, 2003

    This guide is an attempt to collate all security requirements relating to outsourcing, which organisations seeking outsourcing should actively look into.

  • Requirements For Managing Security Information Overload Sridhar Juvvadis - October 31, 2003

    This paper discusses the important criteria in developing an information management solution. These requirements can be used as a guideline for comprehensive evaluation of various solutions.

  • Why MSS? William Kinsey - October 31, 2003

    This paper examines Managed Security Services in the context of providing CIA (confidentiality, integrity, and availability).

  • Security Outsourcing Jonathan Faile - October 31, 2003

    The primary focus of this paper is outsourcing security services and therefore most of the discussion will reflect that, though some mention of the other two options will be put forth.

  • Successfully Managing Cyber Security James Johnson - October 31, 2003

    This paper describes how managing a cyber security program involves physically protecting your company's investment in computer hardware, ensuring system availability, verifying information integrity, and securing confidential information.

  • Web Services Security - An Overview Scott Burns - October 31, 2003

    This paper presents an overview of web services security.

  • Security Issues of Integrating a Stand-alone System into Corporate Network Edward Jirak - October 31, 2003

    This paper describes some methods to improve security on systems that were originally designed as stand-alone or where security issues were ignored. It points out the weaknesses which have to be addressed before integration. It describes various channels into the system and explores ways to protect these pathways from being exploited.

  • Extranet Access Management (EAM) Nev Sealey - October 31, 2003

    This document will give an overview of EAM architecture, EAM security, EAM a standard security model, and how EAM integrates with JAVA.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

Masters: This paper was created by a SANS Technology Institute student as part of their Master's curriculum.