American National Standards Institute eStandards Store Home page Shopping Cart Alert me My account Download Frequently asked questions Help
ANSI Standards Store ANSI Standards Store
AAMI - medical device standards SIA Scaffold standards NEMA electrical standards; ATIS telecommunications standards NSF public health standards SEMI ISO environmental management standards
Browse Standards

Browse ISO Standards
Browse IEC Standards

View all publishers
 
 

View All Standards Packages
Follow ANSI on Facebook      
Follow ANSI on LinkedIn    
Follow ANSI on Twitter      
Get Adobe Acrobat Reader      
Get File Open Plug-In
     
 
 Document Number  Keyword   News  
Search Tips
 


THE FINANCIAL MANAGEMENT OF CYBER RISK
THE FINANCIAL MANAGEMENT OF CYBER RISK

Published by the Internet Security Alliance (ISA)
and the American National Standards Institute (ANSI)

Download your free copy here

. Registration is required for new users.

The Financial Management of Cyber Risk introduces a new framework for managing and reducing the financial risk related to cyber attacks, which threaten businesses, national security, and the international community.

The 76-page document offers a pragmatic action plan that addresses cybersecurity from an enterprise-wide perspective. Developed by a task force of more than sixty industry and government experts, The Financial Management of Cyber Risk: An Implementation Framework for CFOs has been funded and managed by the private sector and is offered as a free resource on cyber risk mitigation for organizations across the country.

Applicable Standards, Frameworks and Guidance Documents

The following list of standards and reference documents is included in Chapter 4 Appendix of The Financial Management of Cyber Risk: An Implementation Guide for CFO’s.

ISO/IEC 27001 and 27002 IT Security Techniques Package
The ISO/IEC 27001 and 27002 IT Security Techniques Package provides the requirements and code of practice to initiate, implement, maintain and improve an information security management system in any size organization. This package helps to identify an organization's security requirements, risks and selecting controls for the requirements and risks using the "Plan-Do-Check-Act" model.
ISO/IEC 27004:2009
Information technology - Security techniques - Information security management - Measurement
ISO/IEC 27005:2008
Information technology – Security techniques – Information Security Risk Management
ISO/IEC 21827:2008
Information technology - Security techniques - Systems Security Engineering - Capability Maturity Models (SSE-CMMr)
NFPA 1600
Standard on Disaster/Emergency Management and Business Continuity Programs (2007)
ISO/IEC 24762:2008
Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services
ISO/IEC 27000:2009
Information technology - Security techniques - Information security management systems - Overview and vocabulary
ISO/IEC 20000-2:2005
Information technology - Service management - Part 2: Code of practice
NIST 800-30
Risk Management Guide For Information Technology Systems
NIST 800-55 Rev 1
Performance Measurement Guide For Information Security
NIST SP 800-100
Information Security Handbook – A Guide For Managers
NIST SP 800-53 A
Guide for Assessing the Security Controls in Federal Information Systems
NIST SP 800-51
Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
NIST SP 800-34
Contingency Planning Guide for Information Technology Systems
NIST SP 800-47
Security Guide for Interconnecting Information Technology Systems
NIST SP 800-50
Building an Information Technology Security Awareness and Training Program
NIST SP 800-16
Information Technology Security Training Requirements: A Role and Performance Based Model
NIST SP 800-61 Rev. 1
Computer Security Incident Handling Guide
NIST SP 800-39
DRAFT Managing Risk from Information Systems: An Organizational Perspective
Control Objectives for Information Technology (CobiT ®)
FFIEC IT Examination Handbook
U.S Department of Homeland Security
Information Technology (IT) Security Essrntial Body of Knowledge (EBK): ACompetency and Functional Framework for IT Security Workforce Development
Other useful reference standards, documents, and guidance include:
ISO/IEC 13335-1:2204
Information technology – Security techniques – Management of information and communications technology security – Part 1:Concepts and models for information and communications technology security management
ISO/IEC 15408-1:2009
Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO/IEC 15408-2:2008
Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
ISO/IEC 15408-3:2008
Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements

The Financial Management of Cyber Risk is a publication of the
American National Standards Institute (ANSI) and the Internet Security Alliance (ISA).

The Financial Impact of Cyber Risk
  Find
 
GlobalSpec - The Engineering Search Engine

 

ANSI Copyright
eStandards Store home page Cart Alert Account Download Frequently Asked Questions Privacy Policy Contact Us Help