Setting up a new Information Assurance program...

dmoore44

So, I'm setting up a new IA program at work... and I need a little help.

I've been doing INFOSEC/COMPUSEC/COMSEC work for the last 5 or so years... but I've transitioned away from an established organization and joined a group that is still very new... and thus there aren't a lot of programs and policies in place.

So, with that being said, I need a little help setting up a new IA program... and was wondering if anyone knew of any resources that would help. Any advice, templates, etc... would help a great deal!

Thanks!

Regards,
DM

Computadora

I found this link which may be useful, specifically, NSTISSI-4011, CNSSI-4012, CNSSI-4013, and CNSSI 4014 instructions.

UNCLASSIFIED Index

tpatt100

SANS has a bunch of templates, somebody here pointed me there a while back. NIST guidelines are good to follow also. Some of your requirements depend on the industry you work in but there is a lot of cross over.

dmoore44

Computadora wrote: »

I found this link which may be useful, specifically, NSTISSI-4011, CNSSI-4012, CNSSI-4013, and CNSSI 4014 instructions.

UNCLASSIFIED Index

Cool! I appreciate the link - I had not come across that site yet.

I have come across a lot of the DoD IA directives and have copies of some of the policies from when I was in the Air Force, so I've been using them as guides for language and wording and such.

I checked SANS and NIST, but they didn't have what I was looking for (or I was kind of un-impressed).