
Reading Room



Featuring 8 Papers as of March 27, 2014

  • Framework for building a Comprehensive Enterprise Security Patch Management Program (Masters) by Michael Hoehl - January 2, 2014

    The concept of a patch is pretty straightforward and broadly understood. In business terms, patching is a form of quality control and defect repair.

  • Using the Center for Internet Security (CIS) Benchmarks to Support an Information Security Management System (Masters) by Robert J. Mavretich - January 25, 2013

    Humans are quite a fickle bunch. We learn our daily tasks and responsibilities in varying ways and pass on that knowledge in an increasingly different world than the one we learned it in.

  • Security Controls in Service Management by Katherine Warren - December 20, 2010 

    The Information Technology Infrastructure Library (ITIL) v3 Core describes best practices for all aspects of the service management lifecycle. The ITIL Core consists of five publications, each providing guidance on a specific phase in the service management lifecycle.

  • Humans... The Overlooked Asset by Muhammad EL-Harmeel - January 7, 2010 

    Security Whitepaper: How humans are an important part of the Information System. Humans provide a huge source of both vulnerability and protection.

  • Patch Management (Masters) by Brad Ruppert - January 24, 2008

    This paper discusses the steps required to implement a successful security patch-management solution which can be used to help protect the enterprise. Patch management is about mitigating risk to the confidentiality of your data and the integrity of your systems. Patch management can be the most effective tool used to protect against vulnerabilities and the least expensive to maintain if implemented effectively. The goal of this paper is to describe how to establish a routine patch-management procedure and to make it a part of standard operations.

  • Warren Inc. Contact Centre Information Security Management System by Katherine Warren - November 8, 2007 

    Warren Inc. is a fictional company that focuses on providing customers with productivity tools and solutions. The Warren Inc. head office is located in Toronto, with satellite offices in Montreal, Calgary and Vancouver. Warren Inc. currently generates $10 Billion yearly in gross revenue and has a customer base of three million subscribers. Eighty percent of Warren Inc. revenue is generated through the Contact Centre. Warren Inc. has recently implemented a commercial Contact Centre solution to provide sales, technical support and general inquiry services to our customers. The Contact Centre uses fictional contact centre software, ContactALL from vendor Fantastic Software Inc. Availability of the Contact Centre is critical to the business operations of Warren Inc.

  • Information Security Management System (7799) for an Internet Gateway by Amarottam Shrestha - August 25, 2004 

    The Internet presence is an important aspect of most businesses these days. An Internet gateway provides network security for businesses from the Internet. It is important that the Internet gateway is designed, implemented and operated in a secure manner.

  • Understanding HIPAA Security Implications Of a Wireless LAN Subsystem Using the ISO/IEC 17799 ISMS Standard by Frederick Hawkes - July 25, 2004 

    This paper describes the initial development of an Information Security Management System (ISMS) that will address possible regulatory issues of using Wireless LANs in an assisted living / extended care facility (EcFac1).

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted.

Masters - This paper was created by a SANS Technology Institute student as part of their Master's curriculum.