Information security guidelines and codes of practice - International

• OECD Guidelines for the Security of Information Systems and Networks. Developed by OECD governments with representatives of the information technology industry, business users, and civil society. Available in: English, French, Chinese, Hungarian, Italian, Norwegian, Polish, Russian, Slovak.
• OECD Culture of Security website with national resources from many OECD countries. Available in English and French. 
• ISO/IEC 15408-1:1999 Evaluation criteria for IT security. Internationally accredited standard for information security. Available for purchase only.
• ISO 17799 Code of Practice for Information Security Management. International accredited standard for information security. Originally developed by the British Standards Institute and known as BS7799. Available for purchase only.
• ITIL (IT Infrastructure Library). ITIL provides a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualification scheme, accredited training organisations, and implementation and assessment tools. The best-practice processes promoted in ITIL both support and are supported by the British Standards Institution's Standard for IT Service Management (BS15000).

Information security guidelines and resources - Asia Pacific

• AusCERT - Australian Computer Emergency Response Centre. Single, trusted point of contact in Australia for the Internet community to deal with computer security incidents and their prevention. Free e-mail advisories, mailing lists, newsgroups and other resources.
• Australian/New Zealand AS/NZ 17799:2001 Code of practice for Information Security Management.
• AS/NZS 4444.2 2000 (BS 7799.2:1999) Information Security Management Part 2.
• AS/NZS 4360:1999 Risk Management.
• e-Business Guide: Security issues and how to deal with them Developed by Western Australian Commerce.
• Government of Hong Kong Information Technology Services Department. Guidelines on IT Security. Guidelines on IT Security' introduces general concepts relating to information technology security, giving guidelines and considerations in defining security requirements across all computer platforms.
• Information Security Guidelines for New South Wales government agencies 2001. Guidelines are based on the Australia/New Zealand Information Security Management standard AS/NZ 4444 Parts 1 and 2.

Information security guidelines and resources - Europe

• German IT Baseline Protection Manual Standard security safeguards. Developed by the 'Bundesamt f¼r Sicherheit in der Informationstechnik' [2000].
• ITSEC (Information Technology Security Evaluation Criteria). ITSEC is recognised throughout Europe. It represents a single uniform standard adopted by the UK, France, Germany, the Netherlands and the European Commission, thereby reducing the need for products to be evaluated in individual countries.
• The Business Manager's Guide to Information Security. Developed by the UK Department of Trade and Industry. Its objective is to provide managers with information to enable you to start addressing the issues of information security.
• UK Alliance for Electronic Business Web Security Guidelines. Introductory guide to information security aimed especially at managers of small to medium enterprises.

Information security guidelines and resources  - US

• American Bar Association PKI Assessment Guidelines (released for consultation and comment - Summer 2001). Technical, legal, business, and policy issues related to public key cryptography and guidelines for assessing public key infrastructures. Available as a free download on the Internet.
• American Bar Association Digital Signature Guidelines. The first legal overview of the use of cryptology, electronic signatures, and entity authentication over an open network like the Internet. Available as a free download on the Internet.
• Center for Internet Security (CIS). CIS is a not-for-profit cooperative enterprise that helps organizations reduce the risk of business and e-commerce disruptions resulting from inadequate security configurations.
• CERT (Computer Emergency Response Team). Main US center handling computer security incidents and vulnerabilities, publishing security alerts, researching long-term changes in networked systems, and developing information and training. Based in Carnegie Mellon University.
  
  Helpful introductory advice at http://www.cert.org/homeusers/
• Common Sense for Senior Managers; Top Ten Recommended Information Security Practices'. US Internet Security Alliance, July 2002.
• "Common Sense Guide to Cyber Security for Small Businesses"
• US Internet Security Alliance
• Guidelines for American Medical Centers on Security and Privacy
• Information Security Guidelines The Direct Marketing Association
• Incident Handling Guidelines. US Dept. of Health and Human Services, National Institutes of Health, Center for Information Technology.
• SANS Institute. US research and education organisation on information security. Free resources include news digests, research summaries, security alerts and award-winning papers. The website also publishes sample policies on information security including policies on encryption, acceptable use, remote access to networks, etc.
• Unwanted E-mail, Spam, and Chain Letters. US Dept. of Health and Human Services, National Institutes of Health, Center for Information Technology.
• Technical Security Standard for Information Technology (TSSIT). A Canadian IT security guideline, which is similar to BS 7799 and available for free.