SANS InfoSec Reading Room - Digital Privacy

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.


Featuring 29 papers as of May 23, 2013
PDF Surfing the Web Anonymously - The Good and Evil of the Anonymizer
By: Peter Chow (posted on October 8, 2012)
Companies of all sizes spend large amounts of time, resources, and money to ensure that their network resources and Internet connections are not being misused.
PDF Risk Assessment of Social Media
By: Robert Shullich (posted on May 16, 2012)
According to a September 2011 survey, 63% of respondents indicated "that employee use of social media puts their organization's security at risk" while 29% "say they have the necessary security controls in place to mitigate or reduce the risk" (Ponemon Institute, 2011).
PDF Diskless Cluster Computing: Security Benefit of oneSIS and Git
By: Aron Warren (posted on April 16, 2012)
This paper introduces the joining of two software packages, oneSIS and Git. Each package by itself is meant to tackle only a certain class of problem.
PDF Which Disney© Princess are YOU?
By: Joshua Brower (posted on March 18, 2010)
Social engineering takes many forms: some obvious, some not so obvious. One not so obvious form is that of questionnaires—be it a knock on the door to answer a survey for a “census” worker, or a “harmless” quiz found on a social networking site. Depending upon their content, they can serve as a very powerful means of capturing and correlating information for nefarious purposes.
PDF Document Metadata, the Silent Killer...
By: Larry Pesce (posted on December 3, 2008)
PDF Phishing and Pharming - The Evil Twins
By: Tushar Srivastava (posted on February 14, 2007)
This paper discusses the ways and means of defending the integrity of online business by foiling such attempts using a three pronged approach: education and awareness, technology, and law enforcement.
PDF Identity Theft: Imitation Is Not The Sincerest Form Of Flattery
By: Reg Washington (posted on May 17, 2005)
The purpose of this paper is to completely define the threat of identity theft. The paper will outline the following: how identity theft occurs, tips to avoid becoming a victim, and ways to recognize if you've been victimized.
PDF Hidden Data in Electronic Documents
By: Deborah Kernan (posted on August 25, 2004)
Document authors may be unaware that their documents contain hidden data and that there is the potential for the inadvertent release of sensitive information when sharing these documents with others.
PDF Conflicting Identities: The Digital Government Dilemma
By: Kevin Iwersen (posted on July 25, 2004)
Over the past several years, government organizations have rapidly technologies to improve service delivery to their citizens.
PDF Surviving The Camera Phone Phenomenon
By: Russell Robinson (posted on May 2, 2004)
The principal aim of this paper is to present the security practitioner with a compelling argument in favor of the immediate planning and implementation of appropriate security measures to protect against the threat of camera phones.
PDF IT Security: Legal Issues in Australia
By: Catherine Edis (posted on May 2, 2004)
There are a number of legal issues specific to Australia that could potentially impact an organisation's IT security program and practices.
PDF Responsibilities of Management, Information Technology Personnel and the Consumer.
By: Philippa Lawton (posted on March 25, 2004)
Companies are moving toward becoming "paperless" and our personal and private information lies somewhere between the office walls and the Cat5 cabling in a form that many average people do not understand: servers, databases, directories, files, clusters, and sectors.
PDF Case Study: One Company's Response to the California Identity Theft Law
By: Gordon Bass (posted on November 19, 2003)
The California identity theft law, SB 1386, went into effect July 1, 2003, soon after several cases of identity theft were perpetrated by individuals who had stolen our clients' confidential data, setting the stage for risk mitigation and remediation efforts by our company, outlined in this paper.
PDF Gramm-Leach-Bliley Act Title V Complexities and Compliancy for the Community Banking Sector
By: Joseph Seaman (posted on October 31, 2003)
This report will focus on the requirements that are mandated in the legislation as well as the interpretation by federal regulatory agencies such as the FDIC and OCC.
PDF The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security
By: Thomas K. Hinkel (posted on October 31, 2003)
This paper discusses the G-L-B act, specifically looking at Title V, section 501 titled "Protection of nonpublic personal information" which mandates financial institutions implement "administrative, technical and physical safeguards" for customer records and information.
PDF Are You Being Watched?
By: Lorna J. Hutcheson (posted on October 31, 2003)
The purpose of this paper is to make you aware that while you are sitting at home and quietly surfing the Internet, you really should be worried about who is watching.
PDF Identity Theft Made Easy
By: Roy Reyes (posted on October 31, 2003)
This paper discusses identity theft, made easy and "impersonal" with the use of the Internet and the development of shareware tools.
PDF Comparison of Three Online Privacy Seal Programs
By: Brian K. Markert (posted on October 31, 2003)
The purpose of this paper is to provide evidence as to why companies should be concerned with consumer privacy and to compare three organizations' third-party assurance privacy certification programs: TRUSTe, BBBOnLine and WebTrust.
PDF Losing Yourself: Identity Theft in the Digital Age
By: Greg Surber (posted on October 31, 2003)
This paper provides a discussion on the expansion of a crime that feeds on the inability of consumers to control who has access to sensitive information and how it is safeguarded: identity theft.
PDF Information Privacy Topics, A Discussion
By: Jennifer Celender (posted on October 31, 2003)
This paper will discuss current laws over electronic data and emails in the workplace, and associated rights of both the employer and employee.
PDF Spyware - Identification and Defense
By: Lewis Edge (posted on October 31, 2003)
This paper addresses the topic of spyware.
PDF A Survey of Recent Threats to Privacy Rights
By: Richard Gutter (posted on October 31, 2003)
In this paper we will restrict ourselves to comments on governmental attempts to abridge or deny this specific right through two related techniques: the interception of internet communications and the legal restrictions placed on encryption.
PDF Using Security To Protect The Privacy of Customer Information
By: Alan Pacocha (posted on October 31, 2003)
This paper will discuss the concepts of governmental privacy regulation and an organization's privacy policy.
PDF Deleting Sensitive Information: Why Hitting Delete Isn't Enough
By: Hans Zetterstrom (posted on October 31, 2003)
This article intends to show that the deletion of files cannot be left to the delete key if those files are supposed to be disposed of securely.
PDF Personal Proxy - Online Privacy Protection for Home Users
By: Tony Yao (posted on October 31, 2003)
This paper describes certain online information collection methods and related privacy issues and introduces several personal proxy tools, particularly WebWasher in detail, to secure home users' online privacy.
PDF Silicon Graphics IRIX Sanitization Overwrite Procedures
By: Michael Davis (posted on October 31, 2003)
This document references a United States Department of Defense three-pass overwrite standard and then describes procedures that are used to overwrite media according to that standard using the Silicon Graphics Incorporated IRIX operating system "FX" utility.
PDF Act Now! An Introduction To Canada’s PIPED Act and its Affect on Organizations and IT Departments
By: Kevin Egan (posted on October 4, 2002)
This paper has been written to cast some light on this important piece of legislation and the inherent responsibilities it imposes on organizations and IT departments.
PDF Canadian Civil Liberties vs. Public Security: Post Crisis, Have the Terrorists Won?
By: Trevor Textor (posted on November 15, 2001)
The Personal Information Protection and Electronic Documents Act represents a good example of an act that upholds citizens' right to privacy. This is legislation created to protect the citizens.
PDF An Introduction to TEMPEST
By: Cassi Goodman (posted on April 18, 2001)
National Communications Security Committee Directive 4 sets U.S. TEMPEST standards.