The link below leads to an example information security governance framework, based on the NIST Risk Management Framework (NIST SP800). It was created a few years back (around 2009) as an example for corporate departmental heads, CIOs, CISOs and security managers.
The handbook provides information that the audience can use in building their information security program strategy. While there are differences between federal and private sector environments, especially in terms of priorities and legal requirements, the underlying principles of information security are the same. The handbook is therefore useful to any manager who requires a broad overview of information security practices.
The pages in the section are presented “as is.” I have no immediate plans to update the material. Some of the links may be outdated by now; sorry for any inconvenience.