This month I have identified several papers to assist management in their efforts to strengthen their organization’s security function.
1. GASSP – Generally Accepted System Security Principles (Version 2.0) (International Information Security Foundation)
2. Guide for Developing Security Plans for Information Technology Systems (NIST Computer Security Online Special Publications)
3. Managing the Security of Information (An Executive Guide) (International Federation of Accountants – IFAC)
4. Information Security Management – Practices of Leading Organizations (US General Accounting Office – Executive Guide)
5. Information Security Risk Assessment Guide – Practices of Leading Organizations (US General Accounting Office – Exposure Draft)
6. A Guide to Security Risk Management for Information Technology Systems (MG-2) (Communications Security Establishment – CSE)