Software Engineering Institute

This article presents a summary of ten leading sources of security practice definition and implementation guidance. It uses ISO 27002 as a foundation (given its international standard status and broad, installed base) and builds on and augments it with additional source material. A summary of publicly available CERT course materials is presented to aid in practice implementation. The content in this article can be used independently or in concert with the approaches described in the other articles in this content area.