I wanted to let everyone know about four free whitepapers that were brought to my attention by some colleagues at SANS. Enjoy!

Developing a Security-Awareness Culture – Improving Security Decision Making – This paper examines important facets of individual and group decision-making and provides prescriptive guidance on how we may improve the quality of our decision-making processes, leading to better security decisions.

A Guide to Security Metrics – This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.

Visual Baselines – Maximizing Economies of Scale Using Round Robin Databases – How are you going to know if something doesn’t quite look “right” when you don’t know what “right” is supposed to look like? This paper is designed to give the security professional a solid understanding of some of the tools that are available for them to use in assisting them in creating visual baselines including RRDtool, and Cacti. This paper will discuss the advantages of using Round Robin Databases to collect and display network statistics and how to use this information to create a clear picture of what is actually happening on your network.

Stopping the Targeted Attack: Why Comprehensive Malware Protection is Superior to Anti-virus Signatures for Protecting Your Organization – This paper discusses the evolving nature of malware, and why enterprises
continue to be highly vulnerable to targeted malware attacks despite deployment of common security solutions like anti-virus software and
traditional firewalls. Accordingly, the paper then describes new solutions designed to be much more proactive and effective in protecting an
organization’s inbound and outbound traffic.