SANS InfoSec Reading Room - Country-specific Issues

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 6 papers as of May 25, 2013
PDF Cloud Computing - Maze in the Haze
By: Godha Iyengar (posted on October 18, 2011)
In recent days, “Cloud Computing” has become a great topic of debate in the IT field. Clouds, like solar panels, appear intriguingly simple at first but the details turn out to be more complex than simple pictures and schematics suggest.
PDF Lack of Oversight Spoils Funding for Cyber Security
By: Dennis Poindexter (posted on May 16, 2011)
In the 1983 MGM movie, War Games, the main character was speaking to a computer that was trying to start a real World War III using a war game scenario. After a long rest, the computer started to restructure some of its moves, prompting David to say, “Are you still playing the game?” The computer responds, “of course….” and begins its countdown to launch of missiles. When we hear of a new type of attack on a US computer system it is a reminder that we are still playing the game and it hasn’t changed very much in the last 15 years. There are lulls, breaks and periods of relative calm, but they are still playing the game.
PDF Crosswalking Security Requirements
By: Carla Smith (posted on September 16, 2004)
This paper provides the background and the steps for conducting a policy focused security requirements crosswalk or mapping. This discussion is geared towards Chief Information Officers (CIOs), and others trying to navigate the road to security compliance.
PDF Applying the Common Criteria to the Certification & Accreditation of Department of Defense Unclassified Information Technology Systems
By: Arthur Roubik (posted on October 31, 2003)
The Common Criteria (CC) defines the general concepts and principles of information security, identifies requirements for the security of an IT system or product, and presents a general model of evaluation using categories of functional requirements and assurance requirements.
PDF DITSCAP - DoD's Answer to Secure Systems
By: Dan Commons (posted on October 31, 2003)
The intent of this paper is to provide insight into a process that is rapidly being adapted, in part or as a whole, by an increasing number of local governments, the medical industry, and corporate America.
PDF Sensitive but Unclassified Information: A Threat to Physical Security
By: Alexander Breeding (posted on October 6, 2003)
This paper discusses protecting information that could lead to disastrous attacks on our own companies and/or the critical infrastructure of the United States, to include "sensitive but unclassified" information.