Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
By: Andrew Hildick-Smith (posted on August 24, 2005)
Supervisory Control and Data Acquisition (SCADA) systems and other similar control systems are widely used by utilities and industries that are considered critical to the functioning of countries around the world.
A company is a statement of faith between suppliers, employees, investors and customers. If any one or more of those groups decides they don't want to play any more, then the game is over. If a bank loses critical customer information because of a security failure, a financial risk arbitrage maneuver won't help.
By: Rachelle L. Miller (posted on October 31, 2003)
This paper provides an overview of the Open Systems Interconnection (OSI) reference model which defines a hierarchical architecture that logically partitions the functions required to support system-to-system communication.
By: Ariffuddin Aizuddin (posted on October 31, 2003)
This paper provides an overview of an international effort called Common Criteria (CC), an IT Security evaluation methodology, developed to define and facilitate consistent evaluations of security products and systems, fostering international recognition and trust in the quality of security products and systems throughout the global economy.
This paper addresses the current efforts within the Department of Defense (DoD) to develop a Multi-Level Security (MLS) system, although, the same methodology and practice can be applied to other networks with similar requirements.
This analysis will look at the Certification and Accreditation models, Risk assessment frameworks, and risk management strategies, which can be used in combating new challenges in existing processes and standards.
By: Thomas E. Kenworthy (posted on October 31, 2003)
This paper will define FIPS (Federal Information Processing Standards), identify FIPS approved encryption algorithms, and examine some different vendor solutions and their use of these approved algorithms.
This paper seeks to survey the key points of these technologies and provide a framework for suggesting whether a TCPA/TCG or NGSCB architecture will improve security in an environment and where it may reduce security.
By reviewing the technological requirements of TEACH, the titles of the DMCA and the history of both acts this paper will show that while TEACH, to date, has not been publicly recognized as an amendment to the DMCA it can truly be viewed as such in the United States with regards to the issue of distance education.
By: Christopher Hageman (posted on October 31, 2003)
This paper, focusing on the Trusted Computing Group's standards, will provide an overview of trusted computing as it stands today: its methods, applications, possible pitfalls and current implementations.
This paper will give a description of the roadmap to the Common Criteria (CC) that basically explains the distinct but related parts and how three key CC user groups namely the consumers, developers and evaluators use them.