Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Security Guide for Government Executives



Pauline Bowen, Elizabeth Chew, Joan Hash


Information Security Guide for Government Executives provides a broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs. Management is responsible for: (1) Establishing the organization's information security program; (2) Setting program goals and priorities that support the mission of the organization; and (3) Making sure resources are available to support the security program and make it successful. Senior leadership commitment to security is more important now than ever before. Studies have shown that senior management's commitment to information security initiatives is the number one critical element that impacts an information security program's success. Meeting this need necessitates senior leadership to focus on effective information security governance and support which requires integration of security into the strategic and daily operations of an organization. When considering this challenge, five key security questions emerge for the executive: (1) What are the information security laws, regulations, standards, and guidance that I need to understand to build an effective security program? (2) What are the key activities to build an effective security program? (3) Why do I need to invest in security? (4) Where do I need to focus my attention in accomplishing critical security goals? (5) Where can I learn more to assist me in evaluating the effectiveness of my security program? This guide provides the answers to those questions.
NIST Interagency/Internal Report (NISTIR) - 7359
Report Number


information security, information security program elements, security laws, security program, security regulations and standards


Bowen, P. , Chew, E. and Hash, J. (2007), Information Security Guide for Government Executives, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed February 24, 2024)
Created January 1, 2007, Updated November 10, 2018