References
- The Alliance for Enterprise Security Risk Management. “Convergence of Enterprise Security Organizations.” Booz Allen Hamilton, November 8, 2005.
- Allen, Julia. “Governing for Enterprise Security.” (CMU/SEI-2005-TN-023). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, June 2005. http://www.sei.cmu.edu/publications/documents/05.reports/05tn023.html
- Allen, Julia. “Why Leaders Should Care About Security.” CERT Podcast Series: Security for Business Leaders, 2006–2007. http://www.cert.org/podcast/
- Allen, Julia. “Security Is Not Just a Technical Issue.” Build Security In website, Department of Homeland Security, October 2006. http://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/management/563.html
- Allen, Julia. “Framing Security as a Governance and Management Concern: Risks and Opportunities.” Department of Homeland Security, Build Security In website, October 2006. http://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/management/565.html
- Allen, Julia. “Navigating the Security Practice Landscape.” Department of Homeland Security, Build Security In website, October 2006. http://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/deployment/582.html
- Allen, Julia. “Plan, Do, Check, Act.” Department of Homeland Security, Build Security In website, November 2006. http://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/deployment/574.html
- Bowen, Pauline et al. Information Security Handbook: A Guide for Managers (NIST Special Publication 800-100). Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, October 2006. http://csrc.nist.gov/publications/nistpubs/index.html
- Braithwaite, Timothy. Securing E-Business Systems: A Guide for Managers and Executives. John Wiley & Sons, Inc., 2002.
- Business Roundtable. Principles of Corporate Governance 2005, Business Roundtable, November 2005. http://www.businessroundtable.org/pdf/CorporateGovPrinciples.pdf
- Business Software Alliance. “Information Security Governance: Toward a Framework for Action.” October 2003. http://www.bsa.org/resources/loader.cfm?url=/commonspot/security/getfile.cfm&PageID=5841
- Caralli, Richard. “Managing for Enterprise Security” (CMU/SEI-2004-TN-046). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, December 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04tn046.html
- Cashell, Brian et al. “The Economic Impact of Cyber-Attacks.” Congressional Research Service, April 2004. http://www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf
- Information Security Governance: A Call to Action, Corporate Governance Task Force Report, National Cyber Security Summit Task Force, April 2004. http://www.cyberpartnership.org/InfoSecGov4_04.pdf
- Gerdes, Michael. Review comments to [Allen 05], May 2005.
- Harris, Shon. “Introduction to Security Governance.” SearchSecurity.com, August 22, 2006. http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1210565,00.html?track=NL431&ad=559554&asrc=EM_NLT_479998&uid=790142
- International Federation of Accountants. Enterprise Governance: Getting the Balance Right, International Federation of Accountants, Professional Accountants in Business Committee, 2004. http://www.ifac.org/Members/DownLoads/EnterpriseGovernance.pdf
- International Organization for Standardization. Information technology—Security techniques—Code of practice for information security management. ISO/IEC 17799:2005(E), Second edition, June 15, 2005.
- International Organization for Standardization. Information technology—Security techniques—Information security management systems—Requirements. ISO/IEC 27001:2005(E), First edition, October 15, 2005.
- IT Audit Checklist: Risk Management. IT Compliance Institute, 2006. http://www.itcinstitute.com/display.aspx?id=2499
- IT Governance Institute. Board Briefing on IT Governance, IT Governance Institute, 2003. http://www.itgi.org/Template_ITGI.cfm?Section=ITGI&CONTENTID=6658&TEMPLATE=/ContentManagement/ContentDisplay.cfm
- Information Technology Governance Institute. COBIT 4.0 Control Objectives for Information and related Technology. ITGI, 2005. http://www.itgi.org http://www.isaca.org
- Kim, Gene; Milne, Kurt; Phelps, Dan. “Prioritizing IT Controls for Effective Measurable Security.” IT Process Institute, 2006. http://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/deployment/577.html
- Smedinghoff, Thomas J. “Where We're Headed—New Developments and Trends in the Law of Information Security.” Wildman, Harrold, Nov. 2006. http://www.wildmanharrold.com:80/practice/law_of_information_security.htm
- Steven, John. “Adopting an Enterprise Software Security Framework.” IEEE Security & Privacy, IEEE Computer Society, March/April 2006. http://buildsecurityin.us-cert.gov/daisy/bsi/resources/published/series/bsi-ieee/568.html
- Stoneburner, Gary, et al. Risk Management Guide for Information Technology Systems (Special Publication 800-30). Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, July 2002. http://csrc.nist.gov/publications/nistpubs/index.html
- Taylor, Patrick. “A Wake Up Call to All Information Security and Audit Executives: Become Business-Relevant.” Information Systems Control Journal, 6, 2004.
- Westby, Jody R., editor. International Guide to Combating Cybercrime. American Bar Association, Privacy & Computer Crime Committee, Section of Science & Technology Law. American Bar Association, 2005. Ordering information available at http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5450030
- Westby, Jody R., editor. International Guide to Privacy. American Bar Association, Privacy & Computer Crime Committee, Section of Science & Technology Law. American Bar Association, 2004a. Ordering information available at http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5450037
- Westby, Jody R., editor. International Guide to Cyber Security. American Bar Association, Privacy & Computer Crime Committee, Section of Science & Technology Law. American Bar Association, 2004b. Ordering information available at http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5450036
- Westby, Jody, editor. “Roadmap to an Enterprise Security Program.” American Bar Association, Privacy & Computer Crime Committee, Section of Science & Technology Law. American Bar Association, 2005. Ordering information available at http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5450039