Digital Privacy
Featuring 31 Papers as of December 11, 2019
-
Building an Audit Engine to Detect, Record, and Validate Internal Employees' Need for Accessing Customer Data by Jekeon Jack Cha - December 11, 2019 (SANS.edu Graduate Student Research)
When using Software-as-a-Service (SaaS) products, customers are asked to store and entrust a large volume of personal data to SaaS companies. Unfortunately, consumers are living in a world of numerous data breaches and significant public privacy violations. As a result, customers are rightfully skeptical of the privacy policies that businesses provide and are looking for service providers who can distinguish their commitment to customer data privacy. This paper examines the viability of building an accurate audit engine to detect, record, and validate internal employees’ reasons for accessing a particular customer’s data. In doing so, businesses can gain clear visibility into their current processes and access patterns to meet the rising privacy demand of their customers.
-
Privacy and the Internet of Things by Peter Milley - October 25, 2017
The Internet of Things has gotten a lot of attention over the past year or so, and for good reason. From a security perspective, Internet-connected devices are easy targets, especially when they are not designed with security in mind. But, in addition to the concerns of botnets and DoS attacks, some newer devices also raise information privacy concerns.
-
Surfing the Web Anonymously - The Good and Evil of the Anonymizer by Peter Chow - October 8, 2012
Companies of all sizes spend large amounts of time, resources, and money to ensure that their network resources and Internet connections are not being misused.
-
Risk Assessment of Social Media by Robert Shullich - May 16, 2012
According to a September 2011 survey, 63% of respondents indicated "that employee use of social media puts their organization’s security at risk" while 29% "say they have the necessary security controls in place to mitigate or reduce the risk" (Ponemon Institute, 2011).
-
Diskless Cluster Computing: Security Benefit of oneSIS and Git by Aron Warren - April 16, 2012 (SANS.edu Graduate Student Research)
This paper introduces the joining of two software packages, oneSIS and Git. Each package by itself is meant to tackle only a certain class of problem.
-
Which Disney© Princess are YOU? by Joshua Brower - March 18, 2010
Social engineering takes many forms; some obvious, some not so obvious. One not so obvious form is that of questionnaires—be it a knock on the door to answer a survey for a “census” worker, or a “harmless” quiz found on a social networking site. Depending upon their content, they can serve as a very powerful means of capturing and correlating information for nefarious purposes.
-
Document Metadata, the Silent Killer... by Larry Pesce - December 3, 2008
This paper will illustrate ways in which metadata stored in common types of documents can reveal secrets about an organization and how they can benefit an attacker.
-
Phishing and Pharming - The Evil Twins by Tushar Srivastava - February 14, 2007
This paper discusses the ways and means of defending the integrity of online business by foiling such attempts using a three pronged approach: education and awareness, technology, and law enforcement.
-
Identity Theft: Imitation Is Not The Sincerest Form Of Flattery by Reg Washington - May 17, 2005
The purpose of this paper is to completely define the threat of identity theft. The paper will outline the following: how identity theft occurs, tips to avoid becoming a victim, and ways to recognize if you've been victimized.
-
Hidden Data in Electronic Documents by Deborah Kernan - August 25, 2004
Document authors may be unaware that their documents contain hidden data and that there is the potential for the inadvertent release of sensitive information when sharing these documents with others.
-
Conflicting Identities: The Digital Government Dilemma by Kevin Iwersen - July 25, 2004
Over the past several years, government organizations have rapidly technologies to improve service delivery to their citizens.
-
Surviving The Camera Phone Phenomenon by Russell Robinson - May 2, 2004
The principal aim of this paper is to present the security practitioner with a compelling argument in favor of the immediate planning and implementation of appropriate security measures to protect against the threat of camera phones.
-
IT Security: Legal Issues in Australia by Catherine Edis - May 2, 2004
There are a number of legal issues specific to Australia that could potentially impact an organisation's IT security program and practices.
-
Responsibilities of Management, Information Technology Personnel and the Consumer. by Philippa Lawton - March 25, 2004
Companies are moving toward becoming "paperless" and our personal and private information lies somewhere between the office walls and the Cat5 cabling in a form that many average people do not understand: servers, databases, directories, files, clusters, and sectors.
-
Case Study: One Company's Response to the California Identity Theft Law by Gordon Bass - November 19, 2003
The California identity theft law, SB 1386, went into effect July 1, 2003, soon after several cases of identity theft were perpetrated by individuals who had stolen our clients' confidential data, setting the stage for risk mitigation and remediation efforts by our company, outlined in this paper.
-
Silicon Graphics IRIX Sanitization Overwrite Procedures by Michael Davis - May 8, 2003
This document references a United States Department of Defense three-pass overwrite standard and then describes procedures that are used to overwrite media according to that standard using the Silicon Graphics Incorporated IRIX operating system "FX" utility.
-
Gramm-Leach-Bliley Act Title V Complexities and Compliancy for the Community Banking Sector by Joseph Seaman - December 23, 2002
This report will focus on the requirements that are mandated in the legislation as well as the interpretation by federal regulatory agencies such as the FDIC and OCC.
-
Act Now! An Introduction To Canada’s PIPED Act and its Affect on Organizations and IT Departments by Kevin Egan - October 4, 2002
This paper has been written to cast some light on this important piece of legislation and the inherent responsibilities it imposes on organizations and IT departments.
-
Personal Proxy - Online Privacy Protection for Home Users by Tony Yao - September 10, 2002
This paper describes certain online information collection methods and related privacy issues and introduces several personal proxy tools, particularly WebWasher in detail, to secure home users' online privacy.
-
Deleting Sensitive Information: Why Hitting Delete Isn't Enough by Hans Zetterstrom - March 23, 2002
This article intends to show that the deletion of files cannot be left to the delete key if those files are supposed to be disposed of securely.
-
Using Security To Protect The Privacy of Customer Information by Alan Pacocha - February 21, 2002
This paper will discuss the concepts of governmental privacy regulation and an organization's privacy policy.
-
A Survey of Recent Threats to Privacy Rights by Richard Gutter - January 23, 2002
In this paper we will restrict ourselves to comments on governmental attempts to abridge or deny this specific right through two related techniques: the interception of internet communications and the legal restrictions placed on encryption.
-
Spyware - Identification and Defense by Lewis Edge - December 14, 2001
This paper addresses the topic of spyware.
-
Canadian Civil Liberties vs. Public Security: Post Crisis, Have the Terrorists Won? by Trevor Textor - November 15, 2001
The Personal Information Protection and Electronic Documents Act represents a good example of an act that upholds citizens' right to privacy. This is legislation created to protect the citizens.
-
Information Privacy Topics, A Discussion by Jennifer Celender - October 4, 2001
This paper will discuss current laws over electronic data and emails in the workplace, and associated rights of both the employer and employee.
-
Losing Yourself: Identity Theft in the Digital Age by Greg Surber - September 20, 2001
This paper provides a discussion on the expansion of a crime that feeds on the inability of consumers to control who has access to sensitive information and how it is safeguarded: identity theft.
-
Comparison of Three Online Privacy Seal Programs by Brian Markert - August 8, 2001
The purpose of this paper is to provide evidence as to why companies should be concerned with consumer privacy and to compare three organizations' third-party assurance privacy certification programs: TRUSTe, BBBOnLine and WebTrust.
-
Identity Theft Made Easy by Roy Reyes - July 25, 2001
This paper discusses identity theft, made easy and "impersonal" with the use of the Internet and the development of shareware tools.
-
Are You Being Watched? by Lorna Hutcheson - July 20, 2001
The purpose of this paper is to make you aware that while you are sitting at home and quietly surfing the Internet, you really should be worried about who is watching.
-
The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security by Thomas Hinkel - June 5, 2001
This paper discusses the G-L-B act, specifically looking at Title V, section 501 titled "Protection of nonpublic personal information" which mandates financial institutions implement "administrative, technical and physical safeguards" for customer records and information.
-
An Introduction to TEMPEST by Cassi Goodman - April 18, 2001
National Communications Security Committee Directive 4 sets U.S. TEMPEST standards.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.