Information Security Guide for Government Executives
Published
Author(s)
Pauline Bowen, Elizabeth Chew, Joan Hash
Abstract
Information Security Guide for Government Executives provides a broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs. Management is responsible for: (1) Establishing the organization's information security program; (2) Setting program goals and priorities that support the mission of the organization; and (3) Making sure resources are available to support the security program and make it successful. Senior leadership commitment to security is more important now than ever before. Studies have shown that senior management's commitment to information security initiatives is the number one critical element that impacts an information security program's success. Meeting this need requires senior leadership to focus on effective information security governance and support, which requires integrating security into the strategic and daily operations of an organization. When considering this challenge, five key security questions emerge for the executive: (1) What are the information security laws, regulations, standards, and guidance that I need to understand to build an effective security program? (2) What are the key activities to build an effective security program? (3) Why do I need to invest in security? (4) Where do I need to focus my attention in accomplishing critical security goals? (5) Where can I learn more to assist me in evaluating the effectiveness of my security program? This guide provides the answers to those questions.
Bowen, P., Chew, E. and Hash, J. (2007), Information Security Guide for Government Executives, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.7359 (Accessed October 14, 2025)