IT Security Taxonomy – Articles and Guidance on IT Security Issues
bicarait.com
Here are some starting points for understanding how important the discussion of IT security is:
1. Making information security everybody’s business!
http://www.noticebored.com/html/about_noticebored.html
2. The Psychology Behind Security
https://www.issa.org/images/upload/files/Sternberg-Psychology%20Behind%20Security.pdf
3. Improving Information Security! (an endless task) – By Dan Swanson
http://www.auditnet.org/articles/DSIA201006.htm (121 good security resources)
4. Improve IT Security: Educate Staff
In today’s healthcare environment, information security and protection of information assets are critical activities for all organizations. Information is the lifeblood of the organization and a vital business asset. IT systems connect every internal department of an organization and connect the enterprise to a myriad of suppliers, partners, and others on the outside, too.
http://www.ahia.org/audit_library/newperspectivesarchive/new_perspectives/2009/Spring2009/TheITPerspective_ImproveITSecurity_EducateStaffbyDanSwanson.pdf
5. Other Security Resources:
1. CERT has issued extensive guidance regarding information security. The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University.
a. Evaluating security risks, practices & insider threats.
http://www.cert.org/nav/index_green.html
b. Establishing a computer security incident response team (CSIRT).
http://www.cert.org/csirts/
c. Governing for Enterprise Security
(The PDF). http://www.cert.org/archive/pdf/05tn023.pdf
d. Governing for Enterprise Security
(Web Site). http://www.cert.org/governance/ges.html
e. The “build security in” initiative.
https://buildsecurityin.us-cert.gov/portal/
2. Management Guide (IS Security Auditing).
http://www.gao.gov/special.pubs/mgmtpln.pdf
3. A series of landmark reports published by The IIA.
a. Information Security Management and Assurance: A Call to Action for Corporate Governance.
www.theiia.org/download.cfm?file=22398
b. Information Security Governance: What Directors Need to Know.
www.theiia.org/download.cfm?file=7382
c. Building, Managing and Auditing Information Security.
www.theiia.org/download.cfm?file=33288
6. Information Security Awareness Readings:
- Building an Information Security Awareness Program (Mark Desman)
- Building an IT Security Awareness Program (NIST)
- True Value of Info. Security Awareness Program (Gary Hinson)
- Implementing User Security Awareness Training (Kelly Allison)
- Security Awareness—“Are Users Clued In”? (Robert Held)
- Security Awareness Training Program in Your Environment (Kelly Nichol)
- A Business Need for Information Security (Rebecca Herold)
- Security Awareness with Protecting Information (InformationShield)
7. Managing an Information Security Awareness Program (by Rebecca Herold).
http://www.rebeccaherold.com/
8. Internet and Computer Ethics for Kids (and Parents and Teachers Who Haven’t Got a Clue)
http://www.thesecurityawarenesscompany.com/Ethics.html
9. A Better Way of Motivating People
http://newsystemsthinking.com/article_details.asp?ID=29
10. Training and Awareness Articles
http://www.privacyguidance.com/etraining_awareness.html
11. Social Psychology and INFOSEC: Psycho-Social Factors in the Implementation of Information Security Policy
http://www.mekabay.com/infosecmgmt/Soc_Psych_INFOSEC.pdf
12. IT World Canada IT Security Resource Blog
http://blogs.itworldcanada.com/security/
Enjoy these IT security resources.