Student Projects

Student Projects

SANS Technology Institute - The most advanced technical hands on security training on the planet and a master's in information security degree program. Apply today! Click Here »

Students seeking a Master of Science in Information Security write white papers on various computer security topics. Student papers are posted here as a resource for the community.

2013
Title Author Month Files
Customized Security Awareness Program Mason Pokladnik Aug View Execution Plan - DOCX (57 KB)
View Learning Objectives - DOCX (57 KB)
View Project Charter - XLS (39 KB)
View Stakeholder Matrix - XLS (28 KB)
Steering Committee Matrix - XLS (29 KB)
Security Development Lifecycle Awareness Russ McRee Aug View SD Lifecycle Poster - PPTX (75 KB)
View SD Lifecycle Presentation - PPTX (223 KB)
Develop a Security Response Plan Russ McRee Aug View SR Plan Poster - PPTX (877 KB)
View SR Plan Policy - DOC (126 KB)
2012
Title Author Month Files
Social Networking Policy Rick Wanner Sep View Policy - PDF (102 KB)
View Poster - JPG (336 KB)
Vulnerability Assessment Policy Rick Wanner Sep View Policy - PDF (90 KB)
View Poster - JPG (385 KB)
Jumpstart a Web Application Secure Coding Program: A Five Step Process Jim Beechey Aug View Paper - PDF (180 KB)
Plan to Implement Awareness Aron Warren Jul View Steering Committee Matrix - PDF (45 KB)
View Stake Holder Matrix - PDF (49 KB)
View Security Awareness Survey - PDF (102 KB)
View Project Charter - PDF (90 KB)
View Learning Objectives - PDF (123 KB)
View Execution Plan - PDF (184 KB)
Server Audit Policy Russell Eubanks Feb Server Audit Policy - DOC (41 KB)
Server Audit Policy Poster - JPG (795 KB)
Audit Vulnerability Scan Policy Poster - JPG (487 KB)
Incorporating and Automating Critical Control 19: Secure Network Engineering for Next Generation Data Center Networks Aron Warren, George Khalil, Michael Hoehl Feb View White Paper - DOC (6.8 MB)
View Presentation - PPT (534 KB)
View Project Plan - XLS (37 KB)
View Project Charter - DOC (86 KB)
Automating Crosswalk between SP 800, the 20 Critical Controls, and the Australian Government Defence Signals Directorate's 35 Mitigating Strategies Ahmed Abdel-Aziz, Robert Sorensen Feb View White Paper - DOC (1.9 MB)
View Presentation - PPT (1.5 MB)
View Project Plan - XLSX (12 KB)
View WBS - PDF (45 KB)
View Dashboard - PNG (147 KB)
View Tasks - PNG (102 KB)
View Gantt View - PNG (90 KB)
View Milestones - PNG (45 KB)
View Tasks - PNG (102 KB)
View Press Release - DOC (33 KB)
2011
Title Author Month Files
Creating a No Phishing Zone Russell Eubanks, Tsega Thompson Dec View White Paper - DOC (868 KB)
View Presentation - PPTX (172 KB)
View Project Plan - XLSX (29 KB)
Establishing a Security Metrics Program Chris I. Cain, Erik Couture Sep View White Paper - DOC (139 KB)
View Presentation - PPT (918 KB)
View Annex A Dashboard - XLS (127 KB)
View Project Plan - PDF (147 KB)
View Project Plan Appendix 1 - PDF (61 KB)
View Project Plan Appendix 2 - PDF (82 KB)
View Press Release - DOCX (16 KB)
Security Controls Implementation Plan John Hally, Erik Couture Aug View White Paper - PDF (280 KB)
View Presentation with Notes - PDF (215 KB)
View Project Plan - PDF (72 KB)
Assessing Outbound Traffic to Uncover Advanced Persistent Threat Beth E. Binde, Russ McRee, Terrence J. O'Connor May View White Paper - PDF (1.10 MB)
View Intrusion Detection FAQ - PDF (41 KB)
View Presentation - PDF (950 KB)
View Project Plan Part 1 - XLS (33 KB)
View Project Plan Part 2 - PDF (1.1 MB)
Web Application Security Assessment Policy John Hally Feb View Slides - PDF (2.0 MB)
View Report - PDF (57 KB)
Password Policy John Hally Feb View Slides - PDF (111 KB)
View Report - PDF (127 KB)
Assessing Privacy Risks from Flash Cookies Stacy Jordan and Kevin Fuller Feb View Report - DOCX (7.3MB)
View Slides with Notes - PPTX (1.2MB)
View Project Plan - DOCX (25.4KB)
2010
Title Author Month Files
The Rapid Implementation of IPv6 at GIAC Enterprises

Parenthetical: Students were given the assignment and delivered the presentation 24 hours later in a manner understandable by a Chief Information Officer

View Summary
Assignment Summary

One night, you get a phone call from your IT staff: The connection with one of the plants has been down and they can't get it back. They went over the basic trouble shooting checklist but can't figure it out. You do your own checks from home, and find out that the host name you use to connect to the plant no longer resolves to an IPv4 "A" record, but instead an IPv6 "AAAA" record. The CIO wants You to "fix it." Without the direct link, the company may end up with bad inventory readings and lose a lot of money during the holiday season. He asks you to come up with a plan to connect your ERP web service to the Chinese plant via IPv6 that can be implemented in a week or less. The plan needs to be ready tomorrow so he can sign off on it. You are so far not ready for IPv6, have no IPv6 allocation, and have no idea what part of your network can handle IPv6 traffic. Prepare a plan and have it ready to present to the CIO and CEO by tomorrow.

Stacy Jordan, Beth Binde, Glen Roberts Dec View Report - PDF (656KB)
View Slides - PDF (3.4MB)
Working from Home: Issues and Strategies

Parenthetical: Students were given the assignment and delivered the presentation 24 hours later in a manner understandable by a Chief Information Officer

View Summary
Assignment Summary

The CIO calls you in one night for a special tiger team project. The IT strategic planning committee has decided to embark on a bold initiative: in the next generation of database they intend to transition from a relational database to a temporal XML data model. Since the data center is maxed out, the plan is to retire the current relational database system and store the company's operational data (customer lists, invoices, etc.) in the new database as well as the fortunes. The CIO is excited because he believes this is an opportunity to improve the performance of the GIAC Enterprises DLP solution.

Jerome Radcliffe Nov View Report - PDF (119KB)
The Half-Life of Information at GIAC Enterprises Charlie Scott & Stephen Strom Nov View Report - PDF (426 KB)
View Slides - PDF (291 KB)
Psychology for Security Awareness Ahmed Abdel-Aziz Sep View Report - PDF (673KB)
Joint Written Project- What's in the data bucket? Event Correlation and SIEM Vendor Approaches Brough Davis, Jim Horwath, John Zabiuk Jul View Report - PDF (4.8MB)
View Slides with Notes - PPT (215KB)
View Project Plan - DOC (92KB)
View Press Release - DOC (30KB)
Group Discussion and Written Project - Is GIAC Enterprises' cryptography strong enough to protect our information? Robert Comella, Brough Davis Jun View Report - DOC (198KB)
View Slides - PDF (132KB)
Group Discussion and Written Project- Design Phase One of an iPhone Rollout Mark Baggett, Jim Horwath Jun View Report - PDF (1MB)
View Slides - PPT (992KB)
View Report - PDF (1MB)
Remote Access Tools Policy John Jarocki May View Policy - PDF (76KB)
View Slides with Notes - PPTX (200KB)
Security Awareness: Many Audiences, Many Messages Rob VandenBrink Apr View Slides with Notes - PDF (2MB)
View Report - PDF (326KB)
View Poster - PDF (87KB)
Group Discussion and Written Project - GSM Risks and Countermeasures Greg Farnham, Kevin Fuller Apr View Report - PDF (141KB)
Visitor and Contractor Access Policy Rob VandenBrink Apr View Poster - PDF (566KB)
View Policy - PDF (104KB)
How to Review and Assess Information Security Policy: The Six-Step Process Ahmed Abdel-Aziz Feb View Report - PDF (319KB)
2009
Title Author Month Files
SQL Injection in Microsoft Environments Jim Beechey Dec View Report - PDF (387KB)
Digital Acceptance Policy Charlie Scott Oct View Policy - PDF (115KB)
View Slides - PDF (82KB)
Protecting Your Business from Online Banking Fraud Robert Comella, Greg Farnham, John Jarocki Oct View Report - PDF (3MBB)
View Slides - PDF (689KB)
View Press Release - PDF (689KB)
View Project Plan - PDF (1MB)
Digitally Sign Your Emails Charlie Scott Oct View Slides - PDF (2.34MB)
View Poster - PDF (493KB)
DownAdUp / Conficker Incident Jim McMillan and Rob VandenBrink Sep View Report - PDF (480KB)
View Slides - PDF (526KB)
View Project Plan - PDF (47KB)
End User Encryption Key Protection Rick D. Smith Aug View Poster - PDF (207KB)
View Policy - PDF (92KB)
Social Engineering Awareness: Employee Front Desk Communication and Awareness Emilio Valente Aug View Poster - PDF (175KB)
View Policy - PDF (72KB)
Computer Disaster Recovery Plan Robert Comella Jul View Poster - PDF (3.76MB)
View Policy - PDF (46KB)
Communications Equipment Security Manuel Humberto Santander Pelaez Jul View Poster - PDF (83KB)
View Policy - PDF (40KB)
When was your last backup? Robert Comella Jun View Poster - PDF (912KB)
View Poster - PDF (912KB)
View Presentation Slides - PDF (720KB)
Survey for the First Company using Virtual Desktop Infrastructure (VDI) Tim Proffitt and Emilio Valente Jun View Survey 1 - PDF (54KB)
View Survey 2 - PDF (51KB)
Virtual Desktop Infrastructure (VDI) Emilio Valente and Tim Proffitt Jun View Slides - PDF (156KB)
View Checklist - PDF (61KB)
Is Virtual Desktop Infrastructure (VDI) Right for Me? Tim Proffitt and Emilio Valente Jun View Report - PDF (101KB)
Planned and Unplanned Outages James Voorhees May View Policy - DOC (36KB)
Notifying the Enterprise about Outages James Voorhees May View Slides - PPT (84KB)
Patch Management Brad Ruppert May View Policy - DOC (60KB)
View Poster - JPG (340KB)
Web Application Firewalls: Defense in Depth for Your Web Infrastructure Jim Beechey Apr View Report - DOC (68KB)
Book Summary: Mastering Web Services Security by Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto Brad Ruppert Apr View Report - DOC (40KB)
Downadup Incident - GIAC Enterprises - Report Tim Proffitt, Seth Misenar, John Jarocki Mar View Report - PDF (184KB)
Malware Detection/Prevention - GIAC Enterprises - Slides John Jarocki, Seth Misenar, Tim Proffitt Mar View Slides with Notes - PPT (172KB)
2008
Title Author Month Files
Book Review: Web Security, Privacy & Commerce, 2nd Edition, by Simson Garfinkel and Gene Spafford Mason Pokladnik Nov View Report - DOC (44KB)
Technology Equipment Disposal Jim Beechey Oct View Poster - PDF (118KB)
View Policy - DOC (32KB)
GIAC Enterprises Desktop Protection Jim Beechey and Emilio Valente Sep View Report - DOC (100KB)
View Slides with Notes - PPT (760KB)
Clean Desk Tim Proffitt Aug View Policy - DOC (32KB)
View Poster - PDF (376KB)
Source Code Disclaimer Jay Radcliffe Aug View Policy - DOC (52KB)
View Poster - PDF (68KB)
Why Do You Audit? - Report Mason Pokladnik Jun View Report - DOC (52KB)
Data Retention & Cost Effective Data Loss Prevention Techniques Eric Conrad, Mason Pokladnik, Manuel Santander Apr View Report - PDF (424KB)
View Slides - PDF (204KB)
Mobile Device Encryption - Lost Laptops - Poster Eric Conrad Mar View Poster - DOC (490KB)
Mobile Device Encryption - Policy Eric Conrad Mar View Policy - DOC (48KB)
Workstation Security Russell Meyer Feb View Policy - DOC (52KB)
View Poster - DOC (1.1MB)
2007
Title Author Month Files
Responsible Web Use - Poster Kevin Bong Nov View Poster - PDF (76KB)
Employee Internet Use Monitoring and Filtering Policy - Report Kevin Bong Nov View Report - PDF (80KB)
Software Installation Policy John Brozycki Nov View Project Poster - PDF (868KB)
View Project Report - PDF (16KB)
eDiscovery - Data Classification, Retention, and Litigation Policies and Procedures - Report Russell Meyer and Brad Ruppert Sep View Project - PDF (108KB)
RBAC Defense in Depth for GIAC Enterprises - Report Russell Meyer and Brad Ruppert Sep View Project Report - DOC (2.7MB)
View Project Slides - PPT (140KB)
UTM (Unified Threat Management) - Validating a UTM Device Manuel Santander and Mason Pokladnik Sep View Project - DOC (1MB)
Perimeter Convergence - Project Plan and Design Manuel Santander and Mason Pokladnik Sep View Project - DOC (143KB)
eDiscovery Policies and Procedures - Slides Brad Ruppert and Russell Meyer Sep View Project - PPT (268KB)
View Project - PPT (268KB)
GIAC Enterprises Network Deployment, Phase 1: The Perimeter Rodney Caudle, Jay Radcliffe, Jim Voorhees Jul View Project Report - DOC (252KB)
View Project Slides - PPT (320KB)
Web Application Security Implementation Kevin Bong and John Brozycki Jul View Project - PPT (136KB)
Managing Large Botnets Kevin Bong and John Brozycki Apr View Project - DOC (1.6MB)
2006
Title Author Month Files
Mobile Encryption Rick Wanner and Rick Smith Dec View Project Report - PDF (172KB)
View Project Slides - PPT (96KB)
Server Malware Protection Policy Brian Granier Nov View Project - PDF (24KB)
Not Everything is as it Seems - Poster Brian Granier Nov View Project - PDF (288KB)
How to Use Windows Security Auditing Tools Project Plan Rodney Caudle, Eric Conrad, James Voorhees Sep View Project Plan - DOC (708KB)
View Slides - PPT (576KB)
Defense-in-Depth - What Is It? Peter Leight and Richard Hammer Aug View Project Report - DOC (340KB)
View Project Slides - PPT (188KB)
Role-Based Access Control (RBAC) Approach for Defense-in-Depth Peter Leight and Richard Hammer Aug View Project Report - DOC (2MB)
View Project Slides - PPT (148KB)
Trusted Platform Module (TPM) - Report Peter Leight and Richard Hammer Jun View Project Report - DOC (60KB)
Trusted Platform Module (TPM) - Slides Peter Leight and Richard Hammer May View Project Slides - PPT (88KB)