Information Security Governance: Difference between revisions
No edit summary |
|||
(14 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
==Full Citation== | ==Full Citation== | ||
Nat'l Cyber Sec. Summit Task Force ''Information Security Governance'' (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf ''Web''] | Nat'l Cyber Sec. Summit Task Force, ''Information Security Governance: A Call to Action'' (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf ''Web''] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf ''AltWeb''] | ||
[http:// | |||
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=NCSSTF:2004 ''BibTeX''] | |||
==Categorization== | ==Categorization== | ||
* Resource by Type: [[US Government Reports and Documents]] | |||
* Threats and Actors: [[States]]; [[Groups]], [[Private Critical Infrastructure]] | |||
* Issues: [[Usability/Human Factors]], [[Psychology and Politics]], [[Information Sharing/Disclosure]], [[Public-Private Cooperation]] | |||
* Approaches: [[Regulation/Liability]], [[Private Efforts/Organizations]], [[Government Organizations]], [[Deterrence]], [[Technology]] | |||
==Key Words== | |||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]], [[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&_Development | Research & Development]], | |||
== | ==Synopsis== | ||
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance. | |||
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace. | |||
== | ==Additional Notes and Highlights== | ||
Expertise Required: Executive Administration: Moderate | |||
Table of Contents | |||
Executive Summary | |||
1.0 Introduction and Charge | |||
2.0 Corporate Governance Task Force Recommendations | |||
2.1 Information Security Governance Framework | |||
2.2 ISG Framework Implementation | |||
2.3 ISG Verification and Compliance | |||
2.3a Verification and Compliance Recommendations | |||
3.0 Conclusions | |||
Appendix A: Information Security Governance Framework | |||
Appendix B: ISG Functions and Responsibilities Guides | |||
Appendix C: Organization/Process for Implementation | |||
Appendix D: ISG Assessment Tool | |||
Appendix E: Education and Non-Profit Implementation Plan | |||
Appendix F: Information Security Governance Bibliography |
Latest revision as of 14:23, 30 July 2010
Full Title of Reference
Information Security Governance: A Call to Action
Full Citation
Nat'l Cyber Sec. Summit Task Force, Information Security Governance: A Call to Action (2004). Web AltWeb
Categorization
- Resource by Type: US Government Reports and Documents
- Threats and Actors: States; Groups, Private Critical Infrastructure
- Issues: Usability/Human Factors, Psychology and Politics, Information Sharing/Disclosure, Public-Private Cooperation
- Approaches: Regulation/Liability, Private Efforts/Organizations, Government Organizations, Deterrence, Technology
Key Words
Civilian Participation, Department of Homeland Security, National Cybersecurity Strategy (U.S.), Research & Development,
Synopsis
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.
Additional Notes and Highlights
Expertise Required: Executive Administration: Moderate
Table of Contents
Executive Summary 1.0 Introduction and Charge 2.0 Corporate Governance Task Force Recommendations 2.1 Information Security Governance Framework 2.2 ISG Framework Implementation 2.3 ISG Verification and Compliance 2.3a Verification and Compliance Recommendations 3.0 Conclusions Appendix A: Information Security Governance Framework Appendix B: ISG Functions and Responsibilities Guides Appendix C: Organization/Process for Implementation Appendix D: ISG Assessment Tool Appendix E: Education and Non-Profit Implementation Plan Appendix F: Information Security Governance Bibliography