Ask the Expert

Strategic IT security plan standards

I need your help. I need a good outline for strategic IT security plan standards and guidelines, and other requirements needed to support an IS business continuity plan.

Time and again I have seen articles relating to all of this, but unfortunately when I'm looking for this stuff I cannot find it readily. Please provide me some tips, suggestions and ideas where I can easily access it.


Although there may not be one best place to gather this information from for your organization, there are several excellent places to start. The first you should probably look at for developing an information security framework is the ISO/IEC 17799 standard. You can purchase it at Other good resources that you could benefit from are the IETF RFC 2196 Site Security Handbook and the following NIST special publications:
  • SP 800-18 guide for developing security plans for information technology systems
  • SP 800-34 contingency planning guide for information technology systems

For more information on this topic, visit these other resources:
  • Ask the Expert: Differentiating between policies, standards, procedures and technical controls
  • Ask the Expert: Standards vs. policies
  • Security Policies Tip: Security -- The Common Criteria

    This was first published in April 2003
