Governing for Enterprise Security (GES) Implementation Guide

Authors: Julia H. Allen, Jody R. Westby

DOI: 10.1184/R1/6574010.V1

Keywords:

Abstract: Governing for enterprise security means viewing adequate security as a non-negotiable requirement of being in business. If an organization's management does not establish and reinforce the business need for effective security, the desired state of security will not be articulated, achieved, or sustained. To achieve a sustainable capability, organizations must make security the responsibility of leaders at the governance level, not of other organizational roles that lack the authority, accountability, and resources to act and enforce compliance. This implementation guide builds upon prior publications by providing prescriptive guidance for creating and sustaining a security program. It is geared toward senior leaders, including those who serve on boards of directors or the equivalent. Throughout the guide, we describe the elements of an enterprise security program (ESP) and suggest how senior leaders can oversee, direct, and control it, and thereby exercise appropriate governance. Elevating security to a governance-level concern fosters attentive, security-conscious leaders who are better positioned to protect digital assets, operations, market position, and reputation. This document presents a roadmap and practical guidance to help implement

References (26)
J. Hash, N. Bartol, H. Rollins, W. Robinson, J. Abeles, S. Batdorff. Integrating IT Security into the Capital Planning and Investment Control Process. NIST Special Publication 800-65, 2005. DOI: 10.6028/NIST.SP.800-65
Gary Stoneburner, Alice Goguen, Alexis Feringa. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-30, 2002. DOI: 10.6028/NIST.SP.800-30
Brian Cashell. The Economic Impact of Cyber-Attacks. Library of Congress, Congressional Research Service, 2004.
Karen Ann Kent. Computer Security Incident Handling Guide. NIST Special Publication 800-61 Rev 2, 2004. DOI: 10.6028/NIST.SP.800-61R2
Pauline Bowen. Information Security Handbook: A Guide for Managers. NIST Special Publication 800-100, 2006. DOI: 10.6028/NIST.SP.800-100
Information Technology Laboratory (National Institute of Standards and Technology). Standards for Security Categorization of Federal Information and Information Systems. Federal Information Processing Standards (NIST FIPS) 199, 2004.
Ron Ross, Stu Katzke, Arnold Johnson, Marianne Swanson, Gary Stoneburner, George Rogers, Annabelle Lee. Recommended Security Controls for Federal Information Systems. NIST Special Publication 800-53 Rev 1, 2005. DOI: 10.6028/NIST.SP.800-53R1
T. Grance, J. Hash, M. Stevens. Security Considerations in the Information System Development Life Cycle. NIST Special Publication 800-64 Rev 1, 2003. DOI: 10.6028/NIST.SP.800-64R1