Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 47 papers as of Dec 2, 2008

• The SANS Security Policy Project

5 Keys to a Successful Identity and Access Management Implementation
CA - October 2008 (Opens in new window)

Identity and Access Management: A Comprehensive Buyer's Guide
CA - October 2008 (Opens in new window)

Closing Internal User Visibility and Data Governance Gaps with PacketMotion
PacketMotion - April 2008

There's a hole in my infrastructure? The road to PCI Compliance

Jonathan Chaitow

July 3, 2008

- download paper

Understanding the Importance of and Implementing Internal Security Measures

Michael Durgin

September 27, 2007

- download paper

Information Security Policy - A Development Guide for Large and Small Companies

Sorcha Diver

July 17, 2007

- download paper

Risks and Rewards of Instant Messaging in the Banking Sector

Nicholas Rose

June 13, 2005

- download paper

Security In An Open Environment Such As A University?

Carol Templeton

May 5, 2005

- download paper

Protecting Your Corporate Network from Your Employee's Home Systems

Todd Rosenberry

February 9, 2004

- download paper

Acceptable Use Policy Document

Raymond Landolo

October 31, 2003

- download paper

Development of an Effective Communications Use Policy

Tim O' Neil

October 31, 2003

- download paper

Social Engineering - For the Good Guys

James E. Keeling

October 31, 2003

- download paper

Managing Internet Use: Big Brother or Due Diligence?

Steve Greenham

October 31, 2003

- download paper

Security Policy: What it is and Why - The Basics

Joel S. Bowden

October 31, 2003

- download paper

Federal Systems Level Guidance for Securing Information Systems

James Corrie

October 31, 2003

- download paper

Developing Security Policies For Protecting Corporate Assets

Jasu Mistry

October 31, 2003

- download paper

Developing Effective Information Systems Security Policies

RDaniel Lee

October 31, 2003

- download paper

Technical Writing for IT Security Policies in Five Easy Steps

J.Patrick Lindley

October 31, 2003

- download paper

Congratulations to the New Security Manager

Nancy J. Carpenter

October 31, 2003

- download paper

Security Policy Roadmap - Process for Creating Security Policies

ChaiwKok Kee

October 31, 2003

- download paper

Impact of HIPAA Security Rules on Healthcare Organizations

Tim Ferrell

October 31, 2003

- download paper

No Budget, No Policy: Leading the Bull by the Nose or Thank God for the Cisco IOS Firewall Feature S

Richard Haynal

October 31, 2003

- download paper

When Policies that have 'Always Worked', Don't or "The Mask of the Code

Rich Parker

October 31, 2003

- download paper

Systems Maintenance Programs - The Forgotten Foundation and Support of the CIA Triad

C.Farley Howard

October 31, 2003

- download paper

Security, It's Not Just Technical

Kevin M. Dulany

October 31, 2003

- download paper

Formulating a National Cryptography Policy: Relevant Issues, Considerations and Implications for Sin

Francis Chong Heng Goh

October 31, 2003

- download paper

Security Policies in a Global Organization

Gerald P. Long

October 31, 2003

- download paper

The Use of Case Law in Negotiating the Acceptance of Post Secondary Computer Policies

George B. Koszegi

October 31, 2003

- download paper

A Preparation Guide to Information Security Policies

David Jarmon

October 31, 2003

- download paper

One Approach to Enterprise Security Architecture

Nick Arconati

October 31, 2003

- download paper

Defining Policies Using Meta Rules

Dan McGinn-Combs

October 31, 2003

- download paper

Deception: A Healthy Part of Any Defense in-depth Strategy

Paul Anderson

October 31, 2003

- download paper

Sensitive But Unclassified

Andrew Helyer

October 31, 2003

- download paper

Developing Security Policies: Charting an Obstacle Course

Rosemary Sumajit

October 31, 2003

- download paper

Building and Implementing an Information Security Policy

Martyn Elmy-Liddiard

October 31, 2003

- download paper

Peer-to-Peer File-Sharing Networks: Security Risks

William Couch

October 31, 2003

- download paper

Leveraging a Securing Awareness Program from a Security Policy

Howard Uhr

October 31, 2003

- download paper

Danger Within

Dennis Spalding

October 31, 2003

- download paper

Creating an Information Systems Security Policy

Walter F. Patrick

October 31, 2003

- download paper

An Overview of Corporate Computer User Policy

Philip J. Kaleewoun

October 31, 2003

- download paper

Developing a Security Policy - Overcoming Those Hurdles

Chris Wan

October 31, 2003

- download paper

Guidelines for an Information Sharing Policy

Chris Gilbert

October 31, 2003

- download paper

Security Policies: Where to Begin

Laura Wills

October 31, 2003

- download paper

Creating an IT Security Awareness Program for Senior Management

Robert Nellis

October 31, 2003

- download paper

Security considerations with Squid proxy server

Eric Galarneau

October 31, 2003

- download paper

The social approaches to enforcing information security

Roger Gilhooly

October 31, 2003

- download paper

Security Process for the implementation of a Companys extranet network

Kirk Steinklauber

October 31, 2003

- download paper