Information Security Governance Papers

Paper Title ORGANIZING FOR INFORMATION SECURITY—ESSENTIAL PROGRAM COMPONENTS
The Abstract of The Paper The documents listed below focus on the programmatic aspects of information security. These publications appear to assume that senior management already understands the need for an effective enterprise information security program, and they therefore concentrate on the components of such a program rather than on making the case for it:
--Business Industry Advisory Council/International Chamber of Commerce, “Information Security Assurance for Executives: An International Business Commentary on the 2002 OECD Guidelines for the ‘Security of Networks and Information Systems: Towards a Culture of Security’”, April 22, 2003.
--Business Roundtable, “Building Security in the Digital Economy: An Executive Resource”, November 2002.
--General Accounting Office, “Federal Information System Controls Audit Manual”, January 1999.
--Information Security Forum, “The Standard of Good Practice for Information Security”, Version 4, March 2003.
--Information Technology Governance Institute, “Governance, Control and Audit for Information and Related Technology (CoBIT)”, 3rd edition, July 2000.
--International Chamber of Commerce, “ICC Handbook on Information Security Policy for Small to Medium Enterprises”, April 11, 2003.
--International Information Security Foundation, “Generally Accepted System Security Principles”, Fall 2000.
--International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), “Code of Practice for Information Security Management” (ISO/IEC 17799), May 5, 2003 (final coordination draft).
--Internet Security Alliance, “Common Sense Guide for Senior Managers: Top Ten Recommended Information Security Practices”, 1st edition, July 2002.
--National Institute of Standards and Technology, “Automated Information Security Program Review Areas,” July 27, 2002.
--National Institute of Standards and Technology, “Generally Accepted Principles and Practices for Securing Information Technology Systems,” September 1996.
--Organisation for Economic Co-operation and Development, “OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security”, adopted 25 July 2002.
--The World Bank, (Thomas Glaessner, Tom Kellermann, and Valerie McNevin), “Electronic Security: Risk Mitigation in Financial IT Transactions”, June 2002.
--U.S. Congress, “Federal Information Security Management Act of 2002 (FISMA)”, 2002.
Web Link http://www.bsa.org/country/Research%20and%20Statistics/~/media/BD05BC8FF0F04CBD9D76460B4BED0E67.ashx
