|
CoBIT (http://www.isaca.org/cobit.htm) - CoBIT has been developed as a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners.
Chief Information Officers Council - Federal Best Security Practices (BSPs) (http://www.cio.gov/index.cfm?function=documents&section=best%20practices)
Handbook for Computer Security Incident Response Teams (CSIRTs) (http://www.sei.cmu.edu/publications/documents/98.reports/98hb001/98hb001abstract.html)
This document provides guidance on the generic issues to consider when forming and operating a computer security incident response team (CSIRT). The document discusses the functions that make up the service; how those functions interrelate; and the tools, procedures, and the roles necessary to implement the service.
Internet Engineering Task Force (IETF) (http://www.ietf.org/rfc/rfc2196.txt?number=2196)
Site Security Handbook
ISO 17799 Community Portal (http://www.17799.com)
This portal publishes news, articles and other information related to the ISO 17799 and BS 7799 information security standards.
Privacy of Consumer Financial Information (regulation S-P) (http://www.sec.gov/rules/final/34-42974.htm)
The Securities and Exchange Commission is adopting Regulation S-P, privacy rules promulgated under section 504 of the Gramm-Leach-Bliley Act. Section 504 requires the Commission and other federal agencies to adopt rules implementing notice requirements and restrictions on financial institutions' ability to disclose nonpublic personal information about consumers. Under the GLBA, a financial institution must provide its customers with a notice of its privacy policies and practices, and must not disclose nonpublic personal information about a consumer to nonaffiliated third parties unless the institution provides certain information to the consumer and the consumer has not elected to opt out of the disclosure.
|