Information Assurance Policy
(95-841)
 
Home
Syllabus and Schedule
Announcements

Final Paper
Grading











Fall 2012


Comments?
(c) Copyright 2012
The Heinz College, CMU
 
Links
Computer and Information Security Policy Good intro to the what and why of security policy
Back to Information Security Basics Quick review of basic security building blocks.
Building and Implementing a Successful Information Security Policy Guidance on Building Policy
Site Security Policy Development Quick guide to developing policy
Guide for Developing Security Plans for Federal Information Systems NIST guide on building policy
Incorporating and Funding Security in Information Systems Investments Government principles on costs of security
Return on Information Security Investment Good taxonomy of ROI methods for Info Assurance
Handbook for Information Assurance Security Policy Sample infosec policy for a school system.
Charting a Course for Information Assurance Policy The US Navy's take on IA policy
DHHS Policies and Procedures Ohio State department take on IA policy
Acceptable Use Policy Virginia State department acceptable use policy
OCTAVE-S Implementation Guide Asset-based risk assessment methodology for small organizations.
Security of the Internet CERT/CC's Take on Internet Security
Home Network Security CERT/CC's quick guide on home network security
Secure Infrastructure Design CERT/CC's recommendations for designing secure infrastructures
Site Security Handbook Internet Standard (RFC) Site Security Handbook
Security Ethics, Policy, and Laws Good overview
Data Roles and Responsibilities Univ. Of Connecticut's policy on data integrity
Top 10 Safe Computing Tips MIT's guidance on preserving integrity
Counterpane.com This site has a lot of information about encryption from one of its leading (unclassified) practitioners. Their electronic newsletter "Cryptogram" is well worth reading.
Warhol Worms Warhol worms - fast attack strategies on the Internet.
Security Attribute Security Attribute Evaluation Method, a means of identifying useful overlapping layers of security controls.
The Death of the Public Forum in Cyberspace Security of free expression and the rule of law
My Law in Cyberspace Baby Case Study on law and cyberspace
Internet filtering and young people References Cyberspace Law and Policy Centre for the Internet Filtering Research Project
Governing for Enterprise Security Networked Systems Survivability Program
Why Security Policies Fail How Policies can fail to secure your network
- More to come