Best Practices for Information Security
Information Security best practices are described by a number of generally accepted sources. Several of those sources are identified below. These sites are maintained by the sponsoring organization, not WPI.
- Information Security Handbook: A Guide for Managers
  http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
- American Institute of Certified Public Accountants (AICPA)
  http://www.coso.org/aicpa.htm
- Association for College and University Policy Administrators (ACUPA)
  http://www.acupa.org/
- Best of Breed conference presentation by Pat Spacely.
- American National Standards Institute (ANSI)
  http://www.ansi.org
- BSI (British Standards Institution) has identified eleven steps to implement an ISO-compliant Information Security Management System. The key steps for compliance are purchasing the ISO standard; developing and implementing livable and compliant policies, standards, guidelines and procedures; communicating and training; and using appropriate defined processes to respond to a breach.
- The Center for Democracy and Technology (CDT) provides a chart identifying the legal standards for government access to papers, records, and communications.
  http://www.cdt.org/wiretap/govaccess/accesschart.shtml
- The Control Objectives for Information and related Technology (COBIT) is a set of best practices (a framework) for Information Technology (IT) management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived from the use of information technology and in developing appropriate IT governance and control in a company.
  - COBIT wiki: http://en.wikipedia.org/wiki/COBIT
  - COBIT is available from ISACA at http://www.isaca.org/Template.cfm?Section=COBIT6&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=55&ContentID=31519
- COSO (Committee of Sponsoring Organizations of the Treadway Commission) is a voluntary private-sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and governance. Publications are available through the American Institute of Certified Public Accountants (www.aicpa.org).
  http://www.coso.org
- Disaster Recovery Institute, International
  http://www.drii.org/DRII
- Educational Center for Applied Research (ECAR), the research branch of EDUCAUSE
  http://www.educause.edu/ecar
- Information Security Glossary used by ECAR
  http://www.rsasecurity.com/glossary/default.asp?id=1094
- EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.
  http://www.educause.edu
- "Effective IT Security Practices and Solutions Guide: Balancing the Need for Security and Open, Collaborative Networking"
  https://wiki.internet2.edu/confluence/display/secguide/Home
- Information Security Assessment Tool for Higher Education
  http://www.educause.edu/ir/library/pdf/SEC0421.pdf
- Federal Trade Commission (FTC)
  - Defend Against Identity Theft
    http://www.ftc.gov/bcp/edu/microsites/idtheft/
  - Protecting Personal Information: A Guide for Business
    http://www.ftc.gov/bcp/edu/pubs/business/privacy/bus69.pdf
- International Standards Organization (ISO)
  http://www.iso.org
- The ISO 27000 series are the Information Security Standards.
  http://www.17799.com
- ISO 17799 was renamed to ISO 27002.
  http://www.17799.com
- ISO 17799 wiki with a link to the ISO 27002 wiki.
  http://en.wikipedia.org/wiki/ISO_17799
- Glossary
  http://www.17799central.com/i.htm
- IT Compliance Institute - Top 10 forum
  http://www.itcinstitute.com/display.aspx?id=3384
- ISACA's information security (IS) auditing and IS control standards are followed by practitioners worldwide. Its research pinpoints professional issues challenging its constituents. Its Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 55,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience and has been earned by more than 7,000 professionals. It publishes a leading technical journal in the information control field, the Information Systems Control Journal.
  https://www.isaca.org
- The IT Governance Institute (ITGI) aims to benefit enterprises by assisting enterprise leaders in their responsibility to make IT successful in supporting the enterprise's mission and goals. By conducting original research on IT governance and related topics, ITGI helps enterprise leaders understand, and have the tools to ensure, effective governance over IT within their enterprise.
  http://www.itgi.org/
- National Institute of Standards and Technology (NIST) Computer Security Resource Center
  http://csrc.nist.gov/
- Special Publications in the 800 series present documents of general interest to the computer security community.
  http://csrc.nist.gov/publications/PubsSPs.html
- Security for Telecommuting and Broadband Communications
  http://csrc.nist.gov/publications/nistpubs/800-46/sp800-46.pdf
- The Research and Education Network Information Sharing and Analysis Center (REN-ISAC) is an integral part of higher education's strategy to improve network security through information collection, analysis, dissemination, early warning, and response. REN-ISAC services and products are specifically designed to support the unique environment and needs of organizations connected to the higher education and research networks it serves, and it supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC structure. REN-ISAC is hosted by Indiana University with the support and cooperation of Internet2, Louisiana State University, EDUCAUSE, and contributors (such as WPI).
  http://www.ren-isac.net/
- SANS Institute
  http://www.sans.org/why_sans.php
- SANS Policy Templates
  http://www.sans.org/resources/policies/
- SANS Policy Primer
  http://www.sans.org/resources/policies/Policy_Primer.pdf?portal=59616cc5ad5da6e186e40ee06d4c761er
Revision History
- The Information Technology Division endorsed this page on January 22, 2008.
- The faculty Committee on IT Policy endorsed this page on February 19, 2008.
Last modified: Feb 14, 2012, 23:56 UTC