Gaithersburg, Md. : , : National Institute of Standards and Technology, , 2009

1 online resource (14 pages)

NISTIR

351.0074

Government executives

Information technology

Computer security - United States

Handbooks and manuals.

Inglese

Title from title screen (viewed on Feb. 20, 2007).

"January 2007."

Information Security Guide for Government Executives provides a broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs. Management is responsible for: (1) Establishing the organization's information security program; (2) Setting program goals and priorities that support the mission of the organization; and (3) Making sure resources are available to support the security program and make it successful. Senior leadership commitment to security is more important now than ever before. Studies have shown that senior management's commitment to information security initiatives is the number one critical element that impacts an information security program's success. Meeting this need necessitates senior leadership to focus on effective information security governance and support which requires integration of security into the strategic and daily operations of an organization. When considering this challenge, five key security questions emerge for the executive: (1) What are the information security laws, regulations,

standards, and guidance that I need to understand to build an effective security program? (2) What are the key activities to build an effective security program? (3) Why do I need to invest in security? (4) Where do I need to focus my attention in accomplishing critical security goals? (5) Where can I learn more to assist me in evaluating the effectiveness of my security program? This guide provides the answers to those questions.