For all the IS Managers

NIST has released SP800-100, Information Security Handbook: A Guide for Managers. I'm sure it'd benefit everyone in the security community, since you either are or one day will be a manager (or at least help make managers make more informed decisions). Here's a quick run down on the sections it covers:

1. Introduction
2. Information Security Governance
3. System Development Life Cycle
4. Awareness and Training
5. Capital Planning and Investment Control
6. Interconnecting Systems
7. Performance Measures
8. Security Planning
9. Information Technology Contingency Planning
10. Risk Management
11. Certification, Accreditation, and Security Assessments
12. Security Services and Products Acquisition
13. Incident Response
14. Configuration Management

Posted by Marcin on Friday, November 10, 2006 in Security.