| Title or Topic or Organization | Download or site |
|---|---|
| U.S. Securities and Exchange Commission | |
| Organisation for Economic Co-operation and Development (If you haven't been to the OECD site you are really missing a lot of important information.) | |
| National Association of Securities Dealers | |
| New York Stock Exchange | |
| Financial Accounting Standards Board | |
| National Association of State Boards of Accountancy | |
| International Accounting Standards Board | |
| American Institute of Certified Public Accountants | |
| The primary mission of the U.S. Securities and Exchange Commission (SEC) is to protect investors and maintain the integrity of the securities markets. | http://www.sec.gov/index.htm |
| The Information Systems Audit and Control Association & Foundation | http://www.isaca.org |
| IT Governance Portal Linking Business Objectives and Information Technology | http://www.itgi.org/ |
| Information Systems Audit and Control Association Standards, Guidelines and Procedures | Standards Documentation |
| PWC on CobiT® and ITIL | PWC on CobiT® and ITIL |
| NOTE: Per request of ISACA, PDFs can only be downloaded from the ISACA site. PB&SP supports this, as the documents are always being updated and ISACA's site is FABULOUS. If you haven't been to the ISACA site in the last few months, you are in for a treat. If you are not a member of ISACA, join today. Begin any research by visiting KNET, ISACA's comprehensive search engine. | |
| Executive Summary | PDF Downloads are available at ISACA |
| Sarbanes Oxley | |
| Sarbanes Oxley, Actual Legislation | Sarbanes-Oxley Legislation or PUBLIC LAW 107–204—JULY 30, 2002—116 STAT. 745 |
| KPMG A New Focus On Government; Managing Stakeholder Expectations to Sustain Business Value | KPMG Stakeholder_Governance.pdf |
| Phoenix Business & Systems Process utilizes the services of CFO Direct, a web service of PricewaterhouseCoopers. We urge others to log in and take full advantage of this outstanding resource. | http://www.cfodirect.com/ |
| The Sarbanes Oxley Act of 2002; Strategies For Meeting New Internal Control Reporting Challenges, A White Paper | PWC_IC_03.07.03_Sarbox_WP1.pdf |
| Consensus Benchmark Scoring Tools | http://www.cisecurity.org |
| ISO 21827 System Security Engineering Capability Maturity Model | iso21827 |
| SSE-CMM: Model Description Document, V 2.0 April 1, 1999 | http://www.sse-cmm.org/docs/ssecmmv3final.pdf |
| Information Security Management and Assurance -- Three report series from IIA, NACD, CIAO, et al | theiia |
| Information Security Governance: Guidance for Boards of Directors and Executive Management, 2001 -- IT Governance Institute | |
| Gramm, Leach, Bliley Act (GLBA) - The Financial Modernization Act of 1999 | http://ftc.gov/privacy/glbact/ |
| Health Information Portability and Accountability Act - HIPAA | http://www.hhs.gov/ocr/hipaa |
| Federal Information Security Management Act of 2002 (FISMA) -- U.S. Congress, 2002 | http://fedcirc.gov/library/legislation/FISMA.html |
| CA SB 1386 (the "You've Been Hacked" Act) | California SB 1386 |
| Federal Trade Commission enforcement guidelines/actions | |
| DISA Security Technical Implementation Guides | http://csrc.nist.gov/pcig/cig.html |
| NIST Configuration Guides | http://csrc.nist.gov/pcig/cig.html |
| NSA Configuration Guides | http://www.nsa.gov/snac/ |
| SANS Step-by-Step Guides | https://store.sans.org/ |
| CobiT®.-- Control Objectives for Information and Related Technologies (ISACA) | http://www.isaca.org/ |
| CMU -- Carnegie Mellon University | http://www.cmu.edu/ |
| COSO -- Committee of Sponsoring Organizations for the Commission on Fraudulent Financial Reporting (Treadway Commission) | http://www.coso.org/ |
| DHS -- Department of Homeland Security | http://www.dhs.gov/ |
| DISA -- Defense Information Systems Agency | http://www.disa.mil/ |
| FFIEC -- Federal Financial Institutions Examination Council | http://www.ffiec.gov/ |
| FSR -- Financial Services Roundtable | http://www.fsround.org/ |
| FTC -- Federal Trade Commission | http://www.ftc.gov/ |
| GAISPC -- Generally Accepted Information Security Principles Committee | http://www.issa.org/gaisp.html |
| IAIP -- Information Assurance and Infrastructure Protection of the DHS | http://www.dhs.gov/ |
| ICAEW -- Institute of Chartered Accountants in England & Wales | http://www.icaew.co.uk/ |
| ICC -- International Chamber of Commerce | http://www.iccwbo.org/ |
| IFAC --International Federation of Accountants | http://www.ifac.org/ |
| IIA -- The Institute of Internal Auditors, Inc. (and IIA Research Foundation): Definition of Internal Auditing; Guidance for the Profession Brochure (PDF, 994KB); Professional Practices Framework (the Red Book); Establishing an Internal Audit Shop; Reprint Permission to Reprint (PDF); Audit Committee Briefing - Internal Audit Standards: Why They Matter (PDF, 395KB) | |
| ISA -- Internet Security Alliance | http://www.isalliance.org/ |
| ISACA -- The Information Systems Audit and Control Association | http://www.isaca.org/ |
| ISF -- Information Security Forum | http://www.securityforum.org/ |
| ISO -- International Organization for Standardization | http://www.iso.org |
| ISSA -- Information Systems Security Association | http://www.issa.org/ |
| NACD -- National Association of Corporate Directors | http://www.nacdonline.org/ |
| NCSA -- National Cyber Security Alliance | http://www.staysafeonline.info/ |
| NERC -- North American Electric Reliability Council | http://www.nerc.com/ |
| NIST -- National Institute for Standards and Technology | http://www.nist.gov/ |
| OECD -- Organization for Economic Cooperation and Development | http://www.oecd.org |
| PCAOB -- Public Company Accounting Oversight Board | http://www.pcaobus.org/ |
| SANS -- Systems Administration, Audit, and Network Security Institute | http://www.sans.org/ |
| SEC -- Securities & Exchange Commission | http://www.sec.gov/ |
| SEI -- Carnegie Mellon Software Engineering Institute | http://www.sei.cmu.edu/ |
| SNAC -- Systems and Network Attack Center (NSA) | http://www.nsa.gov/snac/ |
| US-CERT -- U.S. Computer Emergency Readiness Team | http://www.us-cert.gov/ |
| WB -- World Bank | http://www.worldbank.org/ |
| OECD Guidelines for the Security of Information Systems and Networks (9 pervasive principles for information security upon which several other guides are based.) | oecd |
| GAPP -- "Generally Accepted Principles and Practices" NIST SP 800-18, "Guide for Developing Security Plans for Information Technology Systems", December 1998 (Marianne Swanson & Barbara Guttman). Eight generally accepted principles (see OECD) and "Common IT Security Practices." | GAPP and NIST 18 Guide for Secl |
| GAISP -- Generally Accepted Information Security Principles. Currently available: Generally Accepted Systems Security Principles (GASSP) consisting of Pervasive Principles (PP) & Broad Functional Principles (BFP), June 1999. Detailed Principles are under development (ISSA) | |
| NIST 800-14 Generally Accepted Principles and Practices for Securing IT Systems, 1996 | NIST SP 800 14 |
| NIST 800-26 Self Assessment Guide for IT Systems | NIST SP 800 26 |
| NIST 800-27 Engineering Principles for IT Security | NIST SP 800 27 |
| NIST 800-12 The Computer Security Handbook, 1995 | NIST SP 800 12 |
| NIST 800-37 Guide for The Security Certification and Accreditation of Federal Information Systems | NIST SP 800 37 |
| NIST 800-53 -- Recommended Security Controls for Federal Info Systems (draft) | NIST SP 800 53 |
| IFAC International Guidelines on Information Technology Management -- Managing Information Technology Planning for Business Impact: International Federation of Accountants, New York, 1999. | http://www.ifac.org/ |
| BS 7799 -- Parts 1 & 2, Code of Practice for Information Security Management (British Standards Institute) | http://www.bsi.org.uk |
| ISO 17799 -- Information Technology -- Code of Practice for Information Security Management | ISO17799 information |
| Trust Services Criteria; including SysTrust/WebTrust (AICPA) | SysTrust/WebTrust (AICPA) |
| Standard of Good Practice for Information Security (Information Security Forum) | ISF Standard Good Practice |
| ITCG: Information Technology: Control Guidelines 1998 (CICA) | CICA |
| ISO TR 13335 "Guidelines for the Management of Information Security," Parts 1-5 | ISO 13335 |
| Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian | http://www.pipeda.org/ |
| EU Data Protection Directive -- Part 1 & Part 2 available in separate PDF's | |
| FDA 21 CFR Part 11 -- U.S. Food & Drug Administration; Title 21 Code of Federal Regulations Electronic Records; Electronic Signatures | FDA 21 CFR Part 11 |
| DTI Code of Practice for Information Security Management: Department of Trade and Industry and British Standard Institute. London, 1993, 1995. (Became BS 17799) | |
| Information Security Governance: Toward a Framework for Action (Business Software Alliance) | bsa |
| Information Security Oversight: Essential Board Practices (National Association of Corporate Directors) | nacdonline |
| IT Governance Implementation Guide | IT Governance Implementation Guide |
| Turnbull Report -- Internal Control -- Guidance for Directors on the Combined Code -- Institute of Chartered Accountants in England & Wales (ICAEW) | icaew.co.uk |