Information Security & Privacy Program
Tools for Implementing Security and Privacy
See the Tools & Software page provided by the University Information Security Office.
Sources for Security and Privacy Principles
- OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security | Organisation for Economic Co-operation and Development (OECD): 2002
- Generally Accepted Principles and Practices for Securing Information Technology Systems | National Institute of Standards and Technology (NIST) Special Publication (SP) 800-14: 1996 (PDF)
- Generally Accepted Information Security Principles (GAISP), v3.0 | Information Systems Security Association (ISSA): 2004 (PDF)
- Generally Accepted Privacy Principles: A Global Privacy Framework (GAPP) | American Institute of Certified Public Accountants, Inc. (AICPA) and Canadian Institute of Chartered Accountants (CICA): 2006
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data | Organisation for Economic Co-operation and Development (OECD): 1980
- Fair Information Practice Principles | Federal Trade Commission
Sources for Security & Privacy Standards Commonly Used in Higher Education Institutions
- Code of Practice for Information Security Management
- Information Security Management Systems & Requirements | International Organization for Standardization (ISO) 27001: 2005
- The Standard of Good Practice for Information Security | Information Security Forum (ISF): 2018
Sources for S&P Standards Commonly Used in Federal Government
- Recommended Security Controls for Federal Information Systems | National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53: 2007 (PDF)
- Minimum Security Requirements for Federal Information and Information Systems | National Institute of Standards and Technology (NIST) Federal Information Processing Standards Publication (FIPS) 200: 2006 (PDF)
Sources for S&P Standards Commonly Used in Auditing/Assessment and Risk Management
- Control Objectives for Information and related Technology (CobiT) | IT Governance Institute (ITGI): 2005
- Internal Control & Integrated Framework (IC Framework) | The Committee of Sponsoring Organizations of the Treadway Commission (COSO)