Security Training
Security Certification
Cyber Security Graduate School
Internet Storm Center
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software SecuritySANS InfoSec Reading Room - Security Modeling
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 12 papers as of May 22, 2013
Mitigating Browser Based Exploits through Behavior Based Defenses and Hardware Virtualization- By: Joseph Faust (posted on October 7, 2011)
- There does not seem to be a day or week that goes by that one does not encounter a headline story about an organization being compromised and infiltrated by attackers.
- Measuring Psychological Variables of Control In Information Security
- By: Josh More (posted on January 12, 2011)
- “Perceived Control” is a core construct used in the psychology field that can be considered an aspect of empowerment (Eklund, & Backstrom, 2006). Effectively, it is a measure of how much control people feel that they have, as opposed to the amount of “Actual Control” that they may have. It is often paired against constructs such as “Vicarious Control” and “Vicarious Perceived Control”, which measure the amount of control that outside entities have over the subject. Often, these are variables measured in the psychology/health field. For example, in the world of medicine, when patients report a lack of perceived control over controllable illnesses such as diabetes (Helgeson, & Franzen, 1997), breast cancer (Helgeson, 1992) and heart disease (Helgeson, 1992), they often do more poorly than patients who feel that they have a greater sense of control over their illness. There is also evidence that students with high perceived control do substantially better academically than those with low, though this seems to also link with emotions surrounding the tasks at hand (Ruthig, Perry, Hladkyj, Hall, & Pekrun, 2008). In short, people who are interested in and excited by what they are doing tend to perform better.
- Network Security Model
- By: Josh Backfield (posted on July 3, 2008)
- A well structured NSM will give the security community a way to study, implement, and maintain network security that can be applied to any network. In study, it can be used as a tool to breakdown network security into seven simple layers with a logical process. Traditional books have always presented network security in an unorganized fashion where some books cover issues that other books may completely neglect. In implementation, it can be used by network architects to insure that they are not missing any important security details while designing a network. In maintaining existing networks it can be used to develop maintenance schedules and life-cycles for the security of the existing network. It can also be used to detect where breaches have occurred so that an attack can be mitigated.
- Advanced Threat Analytics for Incident Response
- By: Darren Spruell (posted on March 28, 2008)
- Governmental Effects upon the Cyber Security Decision Making Cycle
- By: Bruce Norquist (posted on May 5, 2005)
- The purpose of this paper is to consider the direct influence and impact of government agencies on the cybersecurity decision cycle, especially regarding computer system and network critical infrastructure.
- Governmental Effects upon the Cyber Security Decision Making Cycle
- By: Bruce Norquist (posted on March 9, 2005)
- The purpose of this paper is to consider the direct influence and impact of government agencies on the cybersecurity decision cycle, especially regarding computer system and network critical infrastructure.
- Building a More Secure Network
- By: George Rosamond (posted on June 9, 2004)
- When firms, including less capital-flush small and mid-sized entities, look to increase the level of security on their networks, they frequently look to expensive hardware and software solutions.
- Building a Secure Enterprise Grade V3PN
- By: Ian C. Rudy (posted on February 26, 2004)
- The purpose of this paper is to demonstrate a secure, scalable, and redundant V3PN architecture that can be used as a model for implementation in the Enterprise.
- Applying Security to an Enterprise using the Zachman Framework
- By: Lori L. DeLooze (posted on October 31, 2003)
- Designing and implementing a streamlined, integrated security architecture should not be difficult if you follow the Zachman Framework as a guide.
- The Evolution of the Information Security Mindset: A Hypothesis of Stages of Individual and Enterpri
- By: Glenn Fourie (posted on October 31, 2003)
- This paper explores the evolution of individual and enterprise thinking around information security.
- Implementing a Project Security Review Process within the Project Management Methodology
- By: Darlene Hart Rodgers (posted on October 31, 2003)
- This paper will focus on how to get greater penetration of security policies within the enterprise, by adding a security review process within the existing project management methodology.
- Building a Secure Internet Data Center Network Infrastructure
- By: Chang Boon Tee (posted on November 7, 2001)
- Best practice information on designing and implementing secure networks in an Internet Data Center.
Check Them Out!
SANS is second to none! In my opinion there is no other security training organization that provides the depth of technical knowledge and breadth of subjects at reasonable costs!
-Joseph Cosgriff, NC State University
