IT

Order by:Group by:

Crisis Management & Response

NIST, Computer Security Incident Handling Guide (2008)

E-Discovery

FAQ: Changes to the Federal Rules of Civil Procedure Affect Storage Plans (2007)
Examining E-Discovery Chain of Custody (2007)
Group creates standard to ease e-discovery data transfer (2007)
E-discovery product purchase considerations (2008)
Law Technology News

GRC Planning and Organization

Governing for Enterprise Security Implementation Guide (GES)

GRC Technology, Information Management

GRC Forum Report - Proving the Value of IT for GRC

Information Security, Risk Assessment

NIST, Risk Management Framework
Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)
Managing risk in the information age (2007)

Information Security

NIST, Federal Information Security Management Act (FISMA) Implementation Project
Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)
Alan Calder on IT Governance, information security and ISO 27001
Security Matters, Software Engineering Institute, Carnegie Mellon University
IT Sentinel (UK)
Federal Information Security Management Act of 2002
Government of Canada Publications: IT Security Guidance (ITSG)
Information Security Forum
ISO Catalog Page: Information technology
IT Security Portal
Survival of the Fittest: Disaster Recovery Design for the Data Center (2008)

OCEG Guides, Handbooks, Maturity Models

GRC Technology Solutions Guide v. 2.1

OCEG Illustrated Series

OCEG Illustrated Series: #3 IT Roadmap For GRC
OCEG Illustrated Series: #16 How Do We Integrate IT to Enable GRC?

Privacy Laws & Regulation

NIST, ITL Security Bulletins
Compliance Provides Benefits Beyond The Obvious (2007)
Portable security: Full-disk encryption can take a lot of risk out of mobile computing (2007)
Guide to NIST Information Security Documents

Record Retention & Data Management

Email archiving UK law, regulations and implications for business (2007)

Risk Assessment

FFIEC, IT Risk Management Process
Architectural Risk Analysis (2005)
Assessing, Managing Enterprise Risk: What it takes to manage virtual servers (2007)
Related communities
Technology Council