Information Security Governance Papers
| Paper Title | Security Planning26 |
|---|---|
| The Abstract of The Paper |
Fully document agreed-upon security controls, planned or in place.
Develop the system security plan. Develop documents supporting the agency’s information security program (e.g., CM plan, contingency plan, incident response plan, security awareness and training plan, rules of behavior, risk assessment, security test and evaluation results, system interconnection agreements, security authorizations/accreditations, and plans of action and milestones [POA&M]). Develop awareness and training requirements, including user manuals and operations/administrative manuals." |
| Web Link | http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf |