
Information Security Policies, Procedures, and Standards

Guidelines for Effective Information Security Management, 1st Edition

By Thomas R. Peltier

Auerbach Publications

312 pages | 50 B/W Illus.

Paperback: 9780849311376
pub: 2001-12-20
eBook (VitalSource): 9780429114717
pub: 2016-04-19

Description

By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.

Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799.

Peltier provides you with the tools you need to develop policies, procedures, and standards. He demonstrates the importance of a clear, concise, and well-written security program. His examination of recommended industry best practices illustrates how they can be customized to fit any organization's needs. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management helps you create and implement information security procedures that will improve every aspect of your enterprise's activities.

Table of Contents

Introduction

Writing Mechanics and the Message

Attention Spans

Key Concepts

Topic Sentence and Thesis Statement

The Message

Writing Don'ts

Summary

Policy Development

Introduction

Policy Definitions

Frequently Asked Questions

Policies are Not Enough

What is a Policy

Policy Format

Policy Content

Program Policy Examples

Topic-Specific Policy Statements

Additional Hints

Topic-Specific Subjects

Things to Remember

Additional Examples

Standards

Introduction

Where Does a Standard Go?

Policies are not Enough

What is a Standard

Security Organization

Assets Classification and Control

Personnel Security

Physical and Environmental Security

Computer and Network Management

Systems Access Control

Business Continuity Planning

Compliance

Writing Procedures

Introduction

Definitions

Writing Commandments

Key Elements in Procedure Writing

Procedure Checklist

Getting Started

Procedure Styles

Creating a Procedure

Summary

Security Awareness Program

Introduction

Key Goals of an Information Security Program

Key Elements of a Security Program

Security Awareness Program Goals

Identify Current Training Needs

Security Awareness Program Development

Methods Used to Convey the Awareness Message

Presentation Key Elements

Typical Presentation Format

When to do Awareness

The Information Security Message

Information Security Self-Assessment

Video Sources

Why Manage the Process as a Project

Introduction

First Things First - Identify the Sponsor

Defining the Scope of Work

Time Management

Policies and Procedures Project Sample WBS

Cost Management

Planning for Quality

Managing Human Resources

Creating a Communications Plan

Summary

Mission Statement

Setting the Scope

Background on your Position

Business Goals Versus Security Goals

Computer Security Objectives

Mission Statement Format

Allocation of Information Security Responsibilities

Mission Statement Examples

Support for the Mission Statement

Key Roles in Organizations

Business Objectives

Review

Information Technology - Code of Practice for Information Security Management

Scope

Terms and Definitions

Information Security Policy

Organization Security

Asset Classification and Control

Personnel Security

Physical and Environmental Security

Systems Development and Maintenance

Business Continuity Planning

Compliance

Review

References

Subject Categories

BISAC Subject Codes/Headings:
BUS073000: BUSINESS & ECONOMICS / Commerce
COM032000: COMPUTERS / Information Technology
COM053000: COMPUTERS / Security / General