This month I have identified several papers to assist management in their efforts to strengthen their organization’s security function.
1. GASSP – Generally Accepted System Security Principles (Version 2.0) (International Information Security Foundation)
web.mit.edu/security/www/gassp1.html
2. Guide for Developing Security Plans for Information Technology Systems (NIST Computer Security Online Special Publications)
csrc.nist.gov/nistpubs/Planguide.PDF
3. Managing the Security of Information (An Executive Guide) (International Federation of Accountants – IFAC)
www.ifac.org/StandardsAndGuidance/InformationTechnology/ManagingSecurityOfInfo.html
4. Information Security Management – Practices of Leading Organizations (US General Accounting Office – Executive Guide)
www.gao.gov/special.pubs/pdf_sing.pdf
5. Information Security Risk Assessment Guide – Practices of Leading Organizations (US General Accounting Office – Exposure Draft)
www.gao.gov/special.pubs/ai99139.pdf
6. A Guide to Security Risk Management for Information Technology Systems (MG-2) (Communications Security Establishment – CSE)