1.) CERT has issued extensive guidance regarding information security. The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University.
a) Evaluating security risks, practices and insider threats.
b) Establishing a computer security incident response team (CSIRT).
c) Governing for Enterprise Security (PDF).
d) Governing for Enterprise Security (Web site).
e) The "build security in" initiative.
2.) Corporate Information Security Working Group (CISWG).
a) CISWG – The Final Report of the Best Practices and Metrics Teams
3.) Executive Guide: Information Security Management: Learning From Leading Organizations (The third item in this GAO resource list)
5.) U.S. Security Awareness (Auditing information security resources)
1.) Avoiding IS Icebergs (An article about auditing information security)
2.) Management Guide (IS Security Auditing)
3.) A series of landmark security guidance reports published by The IIA (for the U.S. Federal Government)
a) Information Security Management and Assurance: A Call to Action for Corporate Governance
b) Information Security Governance: What Directors Need to Know
c) Building, Managing and Auditing Information Security
5.) Jim Kaplan's Web site