Reading materials related to the Lectures


 

·        Notes for Lecture 1 (Note 1, Note 2)

 


Reading materials for HW 1

·        Paper 1: Information Security management: A human challenge?

·        Paper 2: An integrated system theory of information security management

Sample Template, Sample review


NIST Documents


1.   FIPS PUB 199: Standards for Security Categorization of Federal Information and Information Systems

2.   Guide to Mapping Types of Information and Information Systems to Security Categories (NIST 800-60)

3.   Computer Security Incident Handling Guide (Chapters 4, 5, 6 and 8) (NIST 800-61)

4.   Security Considerations in the Systems Development Life Cycle (NIST 800-64)

5.   Information Security Handbook: A Guide for Managers

6.   Guidelines on Security and Privacy in Public Cloud Computing

7.   Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Draft)

8.   Contingency Planning Guide for Information Technology System (NIST 800-34)

9.   Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14)

10. Guide for Developing Security Plans for Federal Information Systems (SP 800-18 Rev. 1)

11. Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137)

12. Building an Information Technology Security Awareness and Training Program (SP 800-50)

13. Managing Information Security Risk: Organization, Mission, and Information System View (SP 800-39)

14. Performance Measurement Guide for Information Security (NIST 800-55) (SP 800-55 Rev. 1)

15. Security Guide for Interconnecting Information Technology Systems (NIST 800-47) (SP 800-47)

16. Guidelines on Active Content and Mobile Code (NIST 800-28) (SP 800-28 Version 2)

17. Integrating IT Security into the Capital Planning and Investment Control Process (SP 800-65)