Tools & Resources
Information Security & Privacy Program
Tools for Implementing Security and Privacy
See the Tools & Software page provided by the University Information Security Office.
Sources for Security and Privacy Principles
- OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
Organisation for Economic Co-operation and Development (OECD): 2002
- Generally Accepted Principles and Practices for Securing Information Technology Systems
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-14: 1996 (PDF)
- Generally Accepted Information Security Principles (GAISP), v3.0
Information Systems Security Association (ISSA): 2004 (PDF)
- Generally Accepted Privacy Principles: A Global Privacy Framework (GAPP)
American Institute of Certified Public Accountants, Inc. (AICPA) and Canadian Institute of Chartered Accountants (CICA): 2006
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
Organisation for Economic Co-operation and Development (OECD): 1980
- Fair Information Practice Principles
Federal Trade Commission
Sources for Security & Privacy Standards Commonly Used in Higher Education Institutions
- Code of Practice for Information Security Management
- Information Security Management Systems & Requirements
International Organization for Standardization (ISO) 27001: 2005
- The Standard of Good Practice for Information Security
Information Security Forum (ISF): 2007
Sources for S&P Standards Commonly Used in Federal Government
- Recommended Security Controls for Federal Information Systems
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53: 2007 (PDF)
- Minimum Security Requirements for Federal Information and Information Systems
National Institute of Standards and Technology (NIST) Federal Information Processing Standards Publication (FIPS) 200: 2006 (PDF)
Sources for S&P Standards Commonly Used in Auditing/Assessment and Risk Management
- Control Objectives for Information and related Technology (CobiT)
IT Governance Institute (ITGI): 2005
- Internal Control & Integrated Framework (IC Framework)
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)