The National Science and Technology Council has released the Federal Plan for Cyber Security and Information Assurance Research and Development. The plan provides “baseline information and a technical framework for coordinated multiagency R&D in cyber security and information assurance.” It covers vulnerabilities, threats, and risk, and provides technical perspectives on subjects ranging from authentication and access control to wireless to software testing and assessment tools. An appendix provides roles and responsibilities of the members of the working group that created the report.@ The Report is at SM Online.
In Information Security Governance Simplified, author Todd Fitzgerald provides an excellent overview on how security managers can create an effective information security program without breaking the bank. He shows the reader how to create a governance program that includes all of the necessary managerial, technical, and operational controls.