Information Security

NIST: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (2010) resource Agency Guidances OCEG Reviewed

NIST Special Publication 800-37, Revision 1 (February 2010)

FTC: Fighting Fraud with the Red Flags Rule: A How-to Guide for Business resource Agency Guidances OCEG Reviewed

The “Red Flags” Rule, in effect since January 1, 2008, requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts. By identifying red flags in advanc

Red Flag Program Clarification Act of 2010, Public Law 111-319 resource National Laws OCEG Reviewed

Amends the Fair Credit Reporting Act with respect to the applicability of identity theft guidelines to creditors.

FTC: Red Flags Rule Web Site resource Agency Web Sites OCEG Reviewed

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.

United Kingdom, Guide to data protection – definitions, principles and practical examples resource Agency Guidances OCEG Reviewed

The principles of the Data Protection Act in detail: this Guide explains the purpose and effect of each principle, and gives practical examples to illustrate how the principles apply in practice.

From the Information Commissioner's Office (ICO).

United Kingdom, Ministry of Justice Data Protection Web Site resource Agency Guidances OCEG Reviewed

Guidance for professionals and practitioners on application of the Data Protection Act 1998.

United Kingdom, Compliance with the data protection framework decision (2011) resource Agency Guidances OCEG Reviewed

UK Ministry of Justice Circular setting out the requirements that UK competent authorities must meet in order to comply with the EU data protection framework decision 2008/977/JHA.

24 January 2011

High Performers and Foundational Controls: Building a Strategy for Security and Risk Management (January 2011) resource White Papers OCEG Reviewed

Overview: In this paper, EMA examines the broad domains of controls enterprises must consider in order to build a solid foundation for IT security management: Countering threats, Resolving vulnerabilities (in more than just software), Managing application risks, Protecting sensitive information, Managing and enforcing identity, access and entitlements, Managing events and

Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper resource White Papers Member contribution OCEG Reviewed

"The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change

Cyberspace: United States Faces Challenges in Addressing Global Cybersecurity and Governance (GAO, 2010) resource Research / Studies OCEG Reviewed

Recent foreign-based intrusions on the computer systems of U.S. federal agencies and commercial companies highlight the vulnerabilities of the interconnected networks that comprise the Internet, as well as the need to adequately address the global security and governance of cyberspace. Federal law and policy give a number of federal entities responsibilities for representing U.S.
