(95-841)
Announcements
Grading
Fall 2012
Comments?
(c) Copyright 2012
The Heinz College, CMU
| Links | ||
| Computer and Information Security Policy | Good intro to the what and why of security policy | |
| Back to Information Security Basics | Quick review of basic security building blocks. | |
| Building and Implementing a Successful Information Security Policy | Guidance on Building Policy | |
| Site Security Policy Development | Quick guide to developing policy | |
| Guide for Developing Security Plans for Federal Information Systems | NIST guide on building policy | |
| Incorporating and Funding Security in Information Systems Investments | Government principles on costs of security | |
| Return on Information Security Investment | Good taxonomy of ROI methods for Info Assurance | |
| Handbook for Information Assurance Security Policy | Sample infosec policy for a school system. | |
| Charting a Course for Information Assurance Policy | The US Navy's take on IA policy | |
| DHHS Policies and Procedures | Ohio State department take on IA policy | |
| Acceptable Use Policy | Virginia State department acceptable use policy | |
| OCTAVE-S Implementation Guide | Asset-based risk assessment methodology for small organizations. | |
| Security of the Internet | CERT/CC's Take on Internet Security | |
| Home Network Security | CERT/CC's quick guide on home network security | |
| Secure Infrastructure Design | CERT/CC's recommendations for designing secure infrastructures | |
| Site Security Handbook | Internet Standard (RFC) Site Security Handbook | |
| Security Ethics, Policy, and Laws | Good overview | |
| Data Roles and Responsibilities | Univ. Of Connecticut's policy on data integrity | |
| Top 10 Safe Computing Tips | MIT's guidance on preserving integrity | |
| Counterpane.com | This site has a lot of information about encryption from one of its leading (unclassified) practitioners. Their electronic newsletter "Cryptogram" is well worth reading. | |
| Warhol Worms | Warhol worms - fast attack strategies on the Internet. | |
| Security Attribute | Security Attribute Evaluation Method, a means of identifying useful overlapping layers of security controls. | |
| The Death of the Public Forum in Cyberspace | Security of free expression and the rule of law | |
| My Law in Cyberspace Baby | Case Study on law and cyberspace | |
| Internet filtering and young people References | Cyberspace Law and Policy Centre for the Internet Filtering Research Project | |
| Governing for Enterprise Security | Networked Systems Survivability Program | |
| Why Security Policies Fail | How Policies can fail to secure your network | |
| - | More to come | |