Generally Accepted Principles and Practices for Securing Information Technology Systems

There are Generally Accepted Accounting Principles (GAAP), which "refer to the standard framework of guidelines for financial accounting used in any given jurisdiction; generally known as accounting standards or standard accounting practice. These include the standards, conventions, and rules that accountants follow in recording and summarizing and in the preparation of financial statements" (Wikipedia).

It is interesting to know that Generally Accepted System Security Principles (GSSP) exist as well. They are defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-14. Their stated goal is to apply them to "the use, protection, and design of government information and data systems", but they can (and should) be applied just as successfully to commercial IT systems.

The generally accepted system security principles are:

  1. Computer Security Supports the Mission of the Organization
  2. Computer Security is an Integral Element of Sound Management
  3. Computer Security Should Be Cost-Effective
  4. Systems Owners Have Security Responsibilities Outside Their Own Organizations
  5. Computer Security Responsibilities and Accountability Should Be Made Explicit
  6. Computer Security Requires a Comprehensive and Integrated Approach
  7. Computer Security Should Be Periodically Reassessed
  8. Computer Security is Constrained by Societal Factors

The conclusion is very simple: the security in your organization starts with your top management.