Information Security Governance: Difference between revisions

From Cybersecurity Wiki
(One intermediate revision by the same user not shown)
Line 4: Line 4:
==Full Citation==
==Full Citation==


Nat'l Cyber Sec. Summit Task Force, ''Information Security Governance'' (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  ''Web''] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf ''AltWeb'']
Nat'l Cyber Sec. Summit Task Force, ''Information Security Governance: A Call to Action'' (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  ''Web''] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf ''AltWeb'']


[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=NCSSTF:2004 ''BibTeX'']
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=NCSSTF:2004 ''BibTeX'']
Line 27: Line 27:
Expertise Required: Executive Administration: Moderate
Expertise Required: Executive Administration: Moderate


Outline:
Table of Contents
  EXECUTIVE SUMMARY
  Executive Summary
  1 INTRODUCTION AND CHARGE
  1.0 Introduction and Charge
  2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS
  2.0 Corporate Governance Task Force Recommendations
   2.1 Information Security Governance Framework
   2.1 Information Security Governance Framework
   2.2 ISG Framework Implementation
   2.2 ISG Framework Implementation
   2.3 ISG Verification and Compliance
   2.3 ISG Verification and Compliance
   2.3.a Verification and Compliance Recommendations  
   2.3a Verification and Compliance Recommendations
  3.0 CONCLUSIONS 
  3.0 Conclusions
  APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK 
  Appendix A: Information Security Governance Framework
  APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES 
  Appendix B: ISG Functions and Responsibilities Guides
  APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION 
  Appendix C: Organization/Process for Implementation
  APPENDIX D: ISG ASSESSMENT TOOL
  Appendix D: ISG Assessment Tool
Appendix E: Education and Non-Profit Implementation Plan
Appendix F: Information Security Governance Bibliography

Latest revision as of 14:23, 30 July 2010

Full Title of Reference

Information Security Governance: A Call to Action

Full Citation

Nat'l Cyber Sec. Summit Task Force, Information Security Governance: A Call to Action (2004). Web AltWeb

BibTeX

Categorization

Key Words

Civilian Participation, Department of Homeland Security, National Cybersecurity Strategy (U.S.), Research & Development

Synopsis

To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.

The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.


Additional Notes and Highlights

Expertise Required: Executive Administration: Moderate

Table of Contents

Executive Summary 
1.0 Introduction and Charge
2.0 Corporate Governance Task Force Recommendations
 2.1 Information Security Governance Framework
 2.2 ISG Framework Implementation
 2.3 ISG Verification and Compliance
 2.3a Verification and Compliance Recommendations
3.0 Conclusions
Appendix A: Information Security Governance Framework
Appendix B: ISG Functions and Responsibilities Guides
Appendix C: Organization/Process for Implementation
Appendix D: ISG Assessment Tool
Appendix E: Education and Non-Profit Implementation Plan
Appendix F: Information Security Governance Bibliography