Tip

Security and audit resources

Security resources

1.) CERT has issued extensive guidance regarding information security. The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University.
a) Evaluating security risks, practices and insider threats.

    Requires Free Membership to View

    Login


b) Establishing a computer security incident response team (CSIRT).
c) Governing for Enterprise Security (PDF).
d) Governing for Enterprise Security (Web site).
e) The "build security in" initiative.

2.) Corporate Information Security Working Group (CISWG).
a) CISWG – The Final Report of the Best Practices and Metrics Teams

3.) Executive Guide: Information Security Management: Learning From Leading Organizations (The third item in this GAO resource list)

4.) The International Systems Security Engineering Association (ISSEA)

5.) U.S. Security Awareness (Auditing information security resources)

6.) The Information Systems Security Association (ISSA)®

7.) The Computer Security Division (CSD) within NIST
a) The FISMA library

Audit resources

1.) Avoiding IS Icebergs (An article about auditing information security)

2.) Management Guide (IS Security Auditing)

3.) A series of landmark security guidance reports published by The IIA (for the U.S. Federal Government)
a) Information Security Management and Assurance: A Call to Action for Corporate Governance
b) Information Security Governance: What Directors Need to Know
c) Building, Managing and Auditing Information Security

4.) Information Systems Audit and Control Association (ISACA) and http://www.itgi.org/

5.) Jim Kaplan's Web site


This was first published in August 2006

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top