Recent Reports Supporting Security Management

This month I have identified several papers to assist management in their efforts to strengthen their organization’s security function.

1. GASSP – Generally Accepted System Security Principles (Version 2.0) (International Information Security Foundation)

web.mit.edu/security/www/gassp1.html

2. Guide for Developing Security Plans for Information Technology Systems (NIST Computer Security Online Special Publications)

csrc.nist.gov/nistpubs/Planguide.PDF

3. Managing the Security of Information (An Executive Guide) (International Federation of Accountants – IFAC)

www.ifac.org/StandardsAndGuidance/InformationTechnology/ManagingSecurityOfInfo.html

4. Information Security Management – Practices of Leading Organizations (US General Accounting Office – Executive Guide)

www.gao.gov/special.pubs/pdf_sing.pdf

5. Information Security Risk Assessment Guide – Practices of Leading Organizations (US General Accounting Office – Exposure Draft)

www.gao.gov/special.pubs/ai99139.pdf

6. A Guide to Security Risk Management for Information Technology Systems (MG-2) (Communications Security Establishment – CSE)

www.cse-cst.gc.ca/cse/english/Manuals/mg2int-e.htm