The following are resources that can help managers understand and plan for security. The topic of Managing Security is broad, so these links overlap with many other sections of the site.
Papers and Articles
Educause library section on Security Management: EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. This site has lots of academic whitepapers and presentations on security management. The focus is on security within academia, but many of the issues are common to any business.
Bitpipe's collection of whitepapers: Bitpipe distributes content from over 3,500 leading IT vendors and over 60 top analyst firms including IDC, Aberdeen Group, Meta Group, and Yankee Group via the Bitpipe Network.
Handbook of Information Security Management: A somewhat technical, but useful document.
So Now You're Faced with Managing Security? Here's What to Expect…: A decent, short article on security management issues.
Managing security means locking the back door, too: Short, but cogent article from InfoWorld.
Managing Security of Information: A good business-level overview of security management issues.
The World Wide Web: Managing Security Risks: Although this article is about web security, it also covers a number of higher-level security management issues. The article is written for managers who need to understand web security implications.
Internet Strategy Guide (html) (pdf): The entire document. Includes the Email Security and Internet Security lectures below, although they've been rewritten a bit for this document. Does not include the slides; download those separately.
Lecture Notes/Slides for Internet Strategy Guide (html) (pdf): These are the notes and slides used when lecturing on Internet Strategy. They have additional content that is not directly part of the Internet Strategy Guide and are worth an additional look.
Internet Security (html) (pdf): A shorter lecture that deals with Internet Security at a fairly high level. It will most likely be revised when the Network Security Illustrated book is finished.
Email Security (html) (pdf): A short lecture on using email in a secure manner.
Websites & Organizations
Security Management Online: An online compendium of security articles -- has a section on computer security but also covers other more traditional security realms.
The Institute of Internal Auditors: This site has tons of useful information on security management and general risk management pertaining to IT.
HIPAA Advisory: This site deals with management issues in achieving compliance with the HIPAA laws. A must-read for companies that handle sensitive medical information.
COSAC: This organization hosts an annual symposium on information security that is highly respected and well attended.
ISSA: A not-for-profit, international organization of information security professionals. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
Books and Periodicals
Security Management Today: A UK-based magazine
Beyond Fear: Thinking Sensibly About Security in an Uncertain World: Bruce Schneier's latest book gives a layperson's overview of critical security concepts and issues in today's business world.
The above information supplements "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic. To learn more about the book and what it covers, click here.
Below, you'll find links to online resources that supplement this portion of the book.