Security resources
1.) CERT has issued extensive guidance regarding information security. The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University.
a) Evaluating security risks, practices and insider threats.
b) Establishing a computer security incident response team (CSIRT).
c) Governing for Enterprise Security (PDF).
d) Governing for Enterprise Security (Web site).
e) The "build security in" initiative.
2.) Corporate Information Security Working Group (CISWG).
a) CISWG – The Final Report of the Best Practices and Metrics Teams
3.) Executive Guide: Information Security Management: Learning From Leading Organizations (The third item in this GAO resource list)
4.) The International Systems Security Engineering Association (ISSEA)
5.) U.S. Security Awareness (Auditing information security resources)
6.) The Information Systems Security Association (ISSA)®
7.) The Computer Security Division (CSD) within NIST
a) The FISMA library
Audit resources
1.) Avoiding IS Icebergs (An article about auditing information security)
2.) Management Guide (IS Security Auditing)
3.) A series of landmark security guidance reports published by The IIA (for the U.S. Federal Government)
a) Information Security Management and Assurance: A Call to Action for Corporate Governance
b) Information Security Governance: What Directors Need to Know
c) Building, Managing and Auditing Information Security
4.) Information Systems Audit and Control Association (ISACA) and http://www.itgi.org/
5.) Jim Kaplan's Web site
