
Thursday, April 14, 2011

Taxonomy

IT Security Taxonomy – Articles and Guidance on IT Security Issues

bicarait.com

IT Security is a topic you cannot skip if you are an IT System Architect. By taking the existing level of security into account, you can design systems that are more secure and reliable.
Here are a few starting points for understanding how important the discussion of IT Security is:
1. Making information security everybody’s business!
http://www.noticebored.com/html/about_noticebored.html
2. The Psychology Behind Security
https://www.issa.org/images/upload/files/Sternberg-Psychology%20Behind%20Security.pdf
3. Improving Information Security! (an endless task) – By Dan Swanson
http://www.auditnet.org/articles/DSIA201006.htm (121 good security resources)
4. Improve IT Security: Educate Staff
In today’s healthcare environment, information security and protection of information assets are critical activities for all organizations. Information is the lifeblood of the organization and a vital business asset. IT systems connect every internal department of an organization and connect the enterprise to a myriad of suppliers, partners, and others on the outside, too.
http://www.ahia.org/audit_library/newperspectivesarchive/new_perspectives/2009/Spring2009/TheITPerspective_ImproveITSecurity_EducateStaffbyDanSwanson.pdf
5. Other Security Resources:
1. CERT has issued extensive guidance regarding information security. The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University.
a. Evaluating security risks, practices & insider threats.
http://www.cert.org/nav/index_green.html
b. Establishing a computer security incident response team (CSIRT).
http://www.cert.org/csirts/
c. Governing for Enterprise Security
(The PDF). http://www.cert.org/archive/pdf/05tn023.pdf
d. Governing for Enterprise Security
(Web Site). http://www.cert.org/governance/ges.html
e. The “build security in” initiative.
https://buildsecurityin.us-cert.gov/portal/
2. Management Guide (IS Security Auditing).
http://www.gao.gov/special.pubs/mgmtpln.pdf
3. A series of landmark reports published by The IIA.
a. Information Security Management and Assurance: A Call to Action for Corporate Governance.
www.theiia.org/download.cfm?file=22398
b. Information Security Governance: What Directors Need to Know.
www.theiia.org/download.cfm?file=7382
c. Building, Managing and Auditing Information Security.
www.theiia.org/download.cfm?file=33288
6. Information Security Awareness Readings:
- Building an Information Security Awareness Program (Mark Desman)
- Building an IT Security Awareness Program (NIST)
- True Value of Info. Security Awareness Program (Gary Hinson)
- Implementing User Security Awareness Training (Kelly Allison)
- Security Awareness—“Are Users Clued In”? (Robert Held)
- Security Awareness Training Program in Your Environment (Kelly Nichol)
- A Business Need for Information Security (Rebecca Herold)
- Security Awareness with Protecting Information (InformationShield)
7. Managing an Information Security Awareness Program (by Rebecca Herold).
http://www.rebeccaherold.com/
8. Internet and Computer Ethics for Kids (and Parents and Teachers Who Haven’t Got a Clue)
http://www.thesecurityawarenesscompany.com/Ethics.html
9. A Better Way of Motivating People
http://newsystemsthinking.com/article_details.asp?ID=29
10. Training and Awareness Articles
http://www.privacyguidance.com/etraining_awareness.html
11. Social Psychology and INFOSEC: Psycho-Social Factors in the Implementation of Information Security Policy
http://www.mekabay.com/infosecmgmt/Soc_Psych_INFOSEC.pdf
12. IT World Canada IT Security Resource Blog
http://blogs.itworldcanada.com/security/
Enjoy these IT Security resources.
