Date Published: January 2007
Author(s)
Pauline Bowen (NIST), Elizabeth Chew (NIST), Joan Hash (NIST)
Information Security Guide for Government Executives provides a broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs. Management is responsible for: (1) Establishing the organization's information security program; (2) Setting program goals and priorities that support the mission of the organization; and (3) Making sure resources are available to support the security program and make it successful. Senior leadership commitment to security is more important now than ever before. Studies have shown that senior management's commitment to information security initiatives is the number one critical element that impacts an information security program's success. Meeting this need requires senior leadership to focus on effective information security governance and support, which in turn requires integrating security into the strategic and daily operations of an organization. When considering this challenge, five key security questions emerge for the executive: (1) What are the information security laws, regulations, standards, and guidance that I need to understand to build an effective security program? (2) What are the key activities to build an effective security program? (3) Why do I need to invest in security? (4) Where do I need to focus my attention in accomplishing critical security goals? (5) Where can I learn more to assist me in evaluating the effectiveness of my security program? This guide provides the answers to those questions.
Keywords
information security program elements; security laws; security program; information security; security regulations and standards
Control Families
Awareness and Training; Planning