Processes

Security can best be achieved by incorporating good practice into standard business processes. Security and management professionals will find the following links useful for developing business processes:

Links to:

Social engineering against information systems (PDF - 147KB)

Technical Note 02/03: Understanding common criteria evaluation (PDF - 154KB)

Technical Note 04/04: Organisational vulnerability management process (PDF - 63KB)

Technical Note 05/04: A vulnerability management process for IT product vendors (PDF - 50KB)

Technical Note 01/05: An introduction to forensic readiness planning (PDF - 88KB)

Technical Note 02/05: The importance of code signing (PDF - 63KB)

Policy and best practice: NISCC assurance report for the CNI organisation (PDF - 225KB)

Policy and best practice: Using external security specialists (PDF - 127KB)

Risk management and accreditation of information systems (PDF - 653KB)

Policy and best practice: First reponders' guide: policy and principles (PDF - 86KB)

Policy and best practice: First reponders' guide: template (PDF - 90KB)

Policy and best practice: Commercially available penetration testing (PDF - 111KB)

Policy and best practice: Outsourcing: Security governance framework for IT managed service provision (PDF - 27KB)

Policy and best practice: Patch Management (PDF - 161KB)