- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
SANS InfoSec Reading Room - Best Practices
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 40 papers as of Aug 30, 2008
- Building a Security Practice within a Mixed Product-R&D and Managed-Service Business
- Evan Scheessele
- July 27, 2007
- - download paper
- Sudo for Windows (sudowin)
- Andrew Kutz
- February 14, 2007
- - download paper
- Beyond the Preoccupation with Certification & Accreditation
- Kevin Esser
- May 5, 2005
- - download paper
- Midrange & Mainframe systems for Security Policies compliance control Tool
- Pierre Cailloux
- February 12, 2005
- - download paper
- Network Security and the SMB
- Matthew Hawley
- January 28, 2005
- - download paper
- Internal Security in a Engineering Development Environment
- Art Homs
- January 17, 2005
- - download paper
- Patch Management and the Need for Metrics
- Ken MacLeod
- August 28, 2004
- - download paper
- Host Assessment and Risk Rating
- Radhika Vedaraman
- August 28, 2004
- - download paper
- Applied Principles of Defense-in-Depth: A Parents Perspective
- Tom Miles
- August 25, 2004
- - download paper
- Using Proactive Depth in Defense to Ease Patch Management Problems
- David Gadue
- August 15, 2004
- - download paper
- Computer Security And The Law: What You Can Do To Protect Yourself
- Karen Poffenbergen
- July 25, 2004
- - download paper
- Beyond Patch Management
- Dan Shauver
- July 25, 2004
- - download paper
- Printing the Paper and Serving the News after a Localized Disaster
- John Soltys
- June 9, 2004
- - download paper
- The Art of Web Filtering
- Robert Alvey
- April 8, 2004
- - download paper
- Keys to Implementing a Successful Security Information Management Solution (or Centralized Security Monitoring)
- Michael Martin
- January 11, 2004
- - download paper
- Securing the Network in a K-12 Public School Environment
- Russell Penner
- December 21, 2003
- - download paper
- Defense-In-Depth Applied to Laptop Security: Ensuring Your Data Remains Your Data
- Chris Grant
- December 13, 2003
- - download paper
- 8 Simple Rules For Securing Your Internal Network
- Douglas Ford
- November 6, 2003
- - download paper
- Pre-Development Security Planning
- Keith Marohn
- October 31, 2003
- - download paper
- System Administrator - Security Best Practices
- Harish Setty
- October 31, 2003
- - download paper
- Vulnerability Identification and Remediation Through Best Security Practices
- BJ Bellamy
- October 31, 2003
- - download paper
- Centralized Network Security Management: Combining Defense In Depth with Manageable Security
- Scott Rasmussen
- October 31, 2003
- - download paper
- A Survival Guide for Security Professionals
- Conrad Morgan
- October 31, 2003
- - download paper
- Who Wants To Be A Weakest Link?
- Russell T. Hany
- October 31, 2003
- - download paper
- Securing Our Critical Infrastructures
- Chris A. Brooks
- October 31, 2003
- - download paper
- Secure Computing - An Elementary Issue
- Susan J. Briere
- October 31, 2003
- - download paper
- Securing Your RILOE Cards
- Rick McCarter
- October 31, 2003
- - download paper
- Designing a Secure Local Area Network
- Daniel Oxenhandler
- October 31, 2003
- - download paper
- OpenVMS 7.2 Security Essentials
- Jeff Leving
- October 31, 2003
- - download paper
- Securing an Application: A Paper on Plastic
- Joe Rhode
- October 31, 2003
- - download paper
- The Internal Threat to Security Or Users Can Really Mess Things Up
- Charles Rhodes
- October 31, 2003
- - download paper
- A Guide to Government Security Mandates
- Christian Enloe
- October 31, 2003
- - download paper
- Using a Capability Maturity Model to Derive Security Requirements
- Mike Phillips
- October 31, 2003
- - download paper
- Endusers - A Critical Link in the Chain of Security
- Dana Brigham
- October 31, 2003
- - download paper
- Security in Practice- Reducing the Effort
- Leon Pholi
- October 31, 2003
- - download paper
- Open Source Risk Mitigation Process
- Carlos Casanova
- October 31, 2003
- - download paper
- Implementing Least Privilege at your Enterprise
- Jeff Langford
- October 31, 2003
- - download paper
- Federal Information Technology Management and Security
- John Hopkins
- October 31, 2003
- - download paper
- A Practical Methodology for Implementing a Patch management Process
- Daniel Voldal
- October 31, 2003
- - download paper
- Implementing an Effective IT Security Program
- Kurt Garbars
- August 28, 2002
- - download paper
Check Them Out!
This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC
