Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 33 papers as of Aug 30, 2008

Electronic Contracting In An Insecure World

Craig Wright

February 1, 2008

- download paper

Requirements For Record Keeping and Document Destruction in a Digital World

Craig Wright

January 21, 2008

- download paper

CyberLaw 101: A primer on US laws related to honeypot deployments

Jerome Radcliffe

March 16, 2007

- download paper

Information Security and Section 404 of the Sarbanes-Oxley Act

Reed Warner

May 5, 2005

- download paper

The Outsourced Productivity Information Security Risk

Eric Mittler

March 9, 2005

- download paper

Hearsay and Evidence in the Computer Emergency Response Team (CERT)

Susan Sherman

January 28, 2005

- download paper

Ethics in the IT Community

Anthony Bundschuh

January 22, 2005

- download paper

The Requirements of FDA's 21 CFR Part 11 and Software Programs That Meet the Requirements

Kristine Safi

January 19, 2005

- download paper

Federal Computer Crime Laws

Maxim May

August 15, 2004

- download paper

Offshore Outsourcing and Information Confidentiality

Mark Lum

July 25, 2004

- download paper

An Overview of Sarbanes-Oxley for the Information Security Professional

Gregg Stults

July 25, 2004

- download paper

Cyber Risk Insurance

Denis Drouin

June 9, 2004

- download paper

The Role of IT Security in Sarbanes-Oxley Compliance

Mary Fleming

April 8, 2004

- download paper

U.S. Government IT Security Laws

Trevor Burke

January 11, 2004

- download paper

Big Brother at the Office: Friend or Foe?

Clint M Satterwhite

October 31, 2003

- download paper

A Context-Based Access Control Model for HIPAA Privacy and Security Compliance

Harry E Smith

October 31, 2003

- download paper

System Security and Your Responsibilities: Minimizing Your Liability

Gary Holtz

October 31, 2003

- download paper

The Art of Enforcement

Jeff Neithercutt

October 31, 2003

- download paper

HIPAA Compliance: Cost-Effective Solutions for the Technical Security Regulations

Tautra Romig

October 31, 2003

- download paper

The 2001 Patriot Act and Its Implications for the IT Security Professional

Oscar W Peterson

October 31, 2003

- download paper

Dangerous Technology: Management Beware

Brent McKinley

October 31, 2003

- download paper

The Legal System and Ethics in Information Security

Amit Raju Philip

October 31, 2003

- download paper

An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement-and Some Practical

Torri Piper

October 31, 2003

- download paper

Running an IT Investigation in the Corporate Environment

Carl Endorf

October 31, 2003

- download paper

Preparing for HIPAA: Privacy and Security Issues to be Considered

Sherry Fischer

October 31, 2003

- download paper

Financial Institutions Required To Do Their Part To Fight Crime

Terry Ritter

October 31, 2003

- download paper

E-mail Communication with Patients in the Wake of the HIPAA Final Security Rule

Dennis Schmidt

October 31, 2003

- download paper

Issues in Protecting Our Critical Infrastructure

William Nance

June 2, 2003

- download paper

What is the Federal Government Doing to Improve the State of Information Security?

Jason Hiney

April 4, 2003

- download paper

Laws of Canada as they Pertain to Computer Crime

Donna Simmons

May 2, 2002

- download paper

The Ethics and Legality of Port Scanning

Shaun Jamieson

October 8, 2001

- download paper

Malaysian Law and Computer Crime

Wong Chong Yew

August 8, 2001

- download paper

South Africa - Computer Misuse Act, Proposed

Michael Masters

June 14, 2001

- download paper