Information Security Assurance for Executives
An international business companion to the 2002 OECD Guidelines for the Security of Networks and Information Systems: Towards a Culture of Security
Although I was already familiar with the original OECD paper, I only recently chanced across this impressive guide while researching for a security awareness module on trust and ethics. It was written by the International Chamber of Commerce (ICC) in conjunction with the Business and Industry Advisory Committee to the OECD (BIAC), and published back in 2003.
Towards a Culture of Security, based on a paper written way back in 1992, remains highly influential. The nine security principles espoused by the OECD have found their way into many other standards, policies and laws over the years.
The BIAC/ICC paper Information Security Assurance for Executives lays out a checklist based on the OECD principles.