Reading Room

Country-specific Issues

Featuring 8 Papers as of September 1, 2020

  • Enabling NIS Directive Compliance with Fortinet for Operational Technology - Analyst Paper (requires membership in SANS.org community)
    by Jason D. Christopher - September 1, 2020 

    The NIS Directive, adopted by the European Parliament in 2016, addresses the security of network and information systems within the EU. It also sets forth best practices to encourage better cyberrisk mitigation and incident identification and notification. This whitepaper examines how Fortinet solutions can help comply with the NIS Directive.


  • Aligning Your Security Program with the NIS Directive - Analyst Paper (requires membership in SANS.org community)
    by Matt Bromiley - August 16, 2020 

    The NIS Directive, adopted by the European Parliament in 2016, addresses the security of network and information systems within the EU. It also sets forth best practices to encourage better cyberrisk mitigation and incident identification and notification. This whitepaper explores various measures of the NIS Directive and how to align your organization’s security posture with those measures.


  • Practical implementation of the Australian Signals Directorate Essential Eight Maturity Model to Level Three within residential University colleges. by Damian Halloran - August 21, 2018 

    The Australian Signals Directorate (ASD) Essential Eight Maturity Model is a subset of the ASD's Strategies to Mitigate Cyber Security Incidents and has been identified as the "most effective mitigation strategies for targeted cyber intrusions and ransomware" (Essential Eight Maturity Model: ASD Australian Signals Directorate, October 2017, Page 1). This paper will detail the planned implementation of the Essential Eight Maturity Model to Level Three in two residential University Colleges, focussing on: management justification, environment description, establishing current Maturity Level, project plan and implementation steps, detail of planned results, implementation results and new Maturity Level, framework for ongoing management, and ongoing Maturity Level verification.


  • Cloud Computing - Maze in the Haze by Godha Iyengar - October 18, 2011 

    In recent days, “Cloud Computing” has become a great topic of debate in the IT field. Clouds, like solar panels, appear intriguingly simple at first but the details turn out to be more complex than simple pictures and schematics suggest.


  • Lack of Oversight Spoils Funding for Cyber Security by Dennis Poindexter - May 16, 2011 

    In the 1983 MGM movie, War Games, the main character was speaking to a computer that was trying to start a real World War III using a war game scenario. After a long rest, the computer started to restructure some of its moves, prompting David to say, “Are you still playing the game?” The computer responds, “of course….” and begins its countdown to launch of missiles. When we hear of a new type of attack on a US computer system, it is a reminder that we are still playing the game and it hasn’t changed very much in the last 15 years. There are lulls, breaks and periods of relative calm, but they are still playing the game.


  • Crosswalking Security Requirements by Carla Smith - September 16, 2004 

    This paper provides the background and the steps for conducting a policy focused security requirements crosswalk or mapping. This discussion is geared towards Chief Information Officers (CIOs), and others trying to navigate the road to security compliance.


  • Sensitive but Unclassified Information: A Threat to Physical Security by Alexander Breeding - October 6, 2003 

    This paper discusses protecting information that could lead to disastrous attacks on our own companies and/or the critical infrastructure of the United States, to include "sensitive but unclassified" information.


  • DITSCAP - DoD's Answer to Secure Systems by Dan Commons - August 15, 2001 

    The intent of this paper is to provide insight into a process that is rapidly being adapted, in part or as a whole, by an increasing number of local governments, the medical industry, and corporate America.


Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.