Problem solve Get help with specific problems with your technologies, process and projects.

Security and audit resources

Security and audit resources

Security resources

1.) CERT has issued extensive guidance regarding information security. The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University.
a) Evaluating security risks, practices and insider threats.
b) Establishing a computer security incident response team (CSIRT).
c) Governing for Enterprise Security (PDF).
d) Governing for Enterprise Security (Web site).
e) The "build security in" initiative.

2.) Corporate Information Security Working Group (CISWG).
a) CISWG – The Final Report of the Best Practices and Metrics Teams

3.) Executive Guide: Information Security Management: Learning From Leading Organizations (The third item in this GAO resource list)

4.) The International Systems Security Engineering Association (ISSEA)

5.) U.S. Security Awareness (Auditing information security resources)

6.) The Information Systems Security Association (ISSA)®

7.) The Computer Security Division (CSD) within NIST
a) The FISMA library

Audit resources

1.) Avoiding IS Icebergs (An article about auditing information security)

2.) Management Guide (IS Security Auditing)

3.) A series of landmark security guidance reports published by The IIA (for the U.S. Federal Government)
a) Information Security Management and Assurance: A Call to Action for Corporate Governance
b) Information Security Governance: What Directors Need to Know
c) Building, Managing and Auditing Information Security

4.) Information Systems Audit and Control Association (ISACA) and

5.) Jim Kaplan's Web site

This was last published in August 2006

Dig Deeper on IT security audits and audit frameworks

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.