
SANS InfoSec Reading Room - Getting Started/InfoSec

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.


Featuring 13 papers as of May 25, 2013
PDF Information Risks & Risk Management
By: John Wurzler (posted on May 1, 2013)
In a relatively short period of time, data in the business world has moved from paper files, carbon copies, and filing cabinets to electronic files stored on very powerful computers.
PDF Information Security: Starting Out
By: Stewart James (posted on December 7, 2009)
Going from technical guru to Information Security Manager can be a bigger step than you might think. Taking on the role of IT Security Officer in an enterprise that treats information security as an IT problem can offer many challenges and many opportunities to learn.
PDF Innovative Technologies and Guidelines Securing 21Century Telecommunications
By: Joseph Cronin (posted on August 18, 2006)
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
PDF Secure Perimeter Network Design for GIAC Enterprises
By: Ted Franger (posted on May 17, 2005)
This paper puts forth a secure perimeter network design for the fictional company GIAC Enterprises, which is in the business of brokering fortune cookie sayings. The paper consists of three assignments and is completed in fulfillment of the requirements of a practical exam for the GIAC Certified Firewall Analysis Certification.
PDF Possible Points of Failure in the Information Security Environment
By: Marion Qualls (posted on July 25, 2004)
The task of designing a secure infrastructure for IIS 5.0 web servers within a DMZ is difficult enough. Securing an existing DMZ becomes exponentially more difficult due to the added requirement of retrofitting those currently working servers with more appropriate security settings, policies and operational procedures while not adversely affecting website or application availability and keeping costs to a minimum throughout the process.
PDF Improving Defense in Depth for NASA's Mission Network
By: Mary Foote (posted on October 31, 2003)
This paper discusses the defense building blocks used by NASA which include increasing network capabilities, continued examination of network capabilities, assessment of new technologies and tools, increased security awareness for NASA non-security professionals, and training of the Mission Network security team members.
PDF Security Education for Users: A Starting Place for Network Administrators
By: Blou Baker (posted on October 31, 2003)
This paper provides a simple outline of conducting basic computer security training within organizations.
PDF Ways To Become An Effective Information Security Professional - From A GIAC Wannabe Perspectives
By: Asmuni bin Yusof (posted on October 31, 2003)
This paper will examine the requirements necessary to become an effective Information Security Officer (ISO).
PDF Pockets of Chaos: Management Theory for the Process of Computer Security
By: Jason S. Collins (posted on October 31, 2003)
This paper discusses Computer Security as an ongoing journey, not simply a destination, and outlines a flexible security framework that manages "pockets of chaos" to better help organizations achieve their security goals.
PDF Anti-Virus Strategy in a Public K-12 Educational Environment
By: Shawn Wyman (posted on October 31, 2003)
This paper discusses virus protection within a K-12 educational environment.
PDF A Primer on OpenVMS (VMS) Security
By: Steven Bourdon (posted on October 31, 2003)
This paper provides an overview of the VMS operating system, security concepts and features, and several recent vulnerabilities affecting VMS.
PDF Digital Signature and Multiple Signature: Different Cases for Different Purposes
By: Chafic Maroun Rouhana Moussa (posted on October 31, 2003)
This paper will discuss digital signatures, how the security properties of integrity, authentication, and non-repudiation are respected and present the purposes of multiple signature schemes.
PDF Information Security: Managing Risk with Defense in Depth
By: Kenneth Straub (posted on October 31, 2003)
This paper provides a detailed overview of risk/risk management & data classification and why we need the Defense in Depth strategy.