1st Edition
Information Security Policies, Procedures, and Standards Guidelines for Effective Information Security Management
By Thomas R. Peltier
Copyright 2001
312 Pages
50 B/W Illustrations
by
Auerbach Publications
312 Pages
by
Auerbach Publications
Also available as eBook on:
By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective... Read more
Introduction
Writing Mechanics and the Message
Attention Spans
Key Concepts
Topic Sentence and Thesis Statement
The Message
Writing Don'ts
Summary
Policy Development
Introduction
Policy Definitions
Frequently Asked Questions
Polices are Not Enough
What is a Policy
Policy Format
Policy Content
Program Policy Examples
Topic-Specific Policy Statements
Additional Hints
Topic-Specific Subjects
Things to Remember
Additional Examples
Standards
Introduction
Where Does a Standard Go?
Policies are not Enough
What is a Standard
Security Organization
Assets Classification and Control
Personnel Security
Physical and Environmental Security
Computer and Network Management
Systems Access Control
Business Continuity Planning
Compliance
Writing Procedures
Introduction
Definitions
Writing Commandants
Key Elements in Procedure Writing
Procedure Checklist
Getting Started
Procedure Styles
Creating a Procedure
Summary
Security Awareness Program
Introduction
Key Goals of an Information Security Program
Key Elements of a Security Program
Security Awareness Program Goals
Identify Current Training Needs
Security Awareness Program Development
Methods Used to Convey the Awareness Message
Presentation Key Elements
Typical Presentation Format
When to do Awareness
The Information Security Message
Information Security Self-Assessment
Video Sources
Why Manage the Process as a Project
Introduction
First Things First - Identify the Sponsor
Defining the Scope of Work
Time Management
Policies and Procedures Project Sample WBS
Cost Management
Planning for Quality
Managing Human Resources
Creating a Communications Plan
Summary
Mission Statement
Setting the Scope
Background on your Position
Business Goals Versus Security Goals
Computer Security Objectives
Mission Statement Format
Allocation of Information Security Responsibilities
Mission Statement Examples
Support for the Mission Statement
Key Roles in Organizations
Business Objectives
Review
Information Technology - Code of Practice for Information Security Management
Scope
Terms and Definitions
Information Security Policy
Organization Security
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Systems Development and Maintenance
Business Continuity Planning
Compliance
Review
References
Writing Mechanics and the Message
Attention Spans
Key Concepts
Topic Sentence and Thesis Statement
The Message
Writing Don'ts
Summary
Policy Development
Introduction
Policy Definitions
Frequently Asked Questions
Polices are Not Enough
What is a Policy
Policy Format
Policy Content
Program Policy Examples
Topic-Specific Policy Statements
Additional Hints
Topic-Specific Subjects
Things to Remember
Additional Examples
Standards
Introduction
Where Does a Standard Go?
Policies are not Enough
What is a Standard
Security Organization
Assets Classification and Control
Personnel Security
Physical and Environmental Security
Computer and Network Management
Systems Access Control
Business Continuity Planning
Compliance
Writing Procedures
Introduction
Definitions
Writing Commandants
Key Elements in Procedure Writing
Procedure Checklist
Getting Started
Procedure Styles
Creating a Procedure
Summary
Security Awareness Program
Introduction
Key Goals of an Information Security Program
Key Elements of a Security Program
Security Awareness Program Goals
Identify Current Training Needs
Security Awareness Program Development
Methods Used to Convey the Awareness Message
Presentation Key Elements
Typical Presentation Format
When to do Awareness
The Information Security Message
Information Security Self-Assessment
Video Sources
Why Manage the Process as a Project
Introduction
First Things First - Identify the Sponsor
Defining the Scope of Work
Time Management
Policies and Procedures Project Sample WBS
Cost Management
Planning for Quality
Managing Human Resources
Creating a Communications Plan
Summary
Mission Statement
Setting the Scope
Background on your Position
Business Goals Versus Security Goals
Computer Security Objectives
Mission Statement Format
Allocation of Information Security Responsibilities
Mission Statement Examples
Support for the Mission Statement
Key Roles in Organizations
Business Objectives
Review
Information Technology - Code of Practice for Information Security Management
Scope
Terms and Definitions
Information Security Policy
Organization Security
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Systems Development and Maintenance
Business Continuity Planning
Compliance
Review
References
Biography
Thomas R. Peltier
