1st Edition

Information Security Policies, Procedures, and Standards Guidelines for Effective Information Security Management

By Thomas R. Peltier
    Copyright 2001, Auerbach Publications
    312 Pages, 50 B/W Illustrations

    By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.

    Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799.

    Peltier provides you with the tools you need to develop policies, procedures, and standards. He demonstrates the importance of a clear, concise, and well-written security program. His examination of recommended industry best practices illustrates how they can be customized to fit any organization's needs. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management helps you create and implement information security procedures that will improve every aspect of your enterprise's activities.

    Introduction
    Writing Mechanics and the Message
    Attention Spans
    Key Concepts
    Topic Sentence and Thesis Statement
    The Message
    Writing Don'ts
    Summary
    Policy Development
    Introduction
    Policy Definitions
    Frequently Asked Questions
    Policies are Not Enough
    What is a Policy
    Policy Format
    Policy Content
    Program Policy Examples
    Topic-Specific Policy Statements
    Additional Hints
    Topic-Specific Subjects
    Things to Remember
    Additional Examples
    Standards
    Introduction
    Where Does a Standard Go?
    Policies are not Enough
    What is a Standard
    Security Organization
    Asset Classification and Control
    Personnel Security
    Physical and Environmental Security
    Computer and Network Management
    Systems Access Control
    Business Continuity Planning
    Compliance
    Writing Procedures
    Introduction
    Definitions
    Writing Commandments
    Key Elements in Procedure Writing
    Procedure Checklist
    Getting Started
    Procedure Styles
    Creating a Procedure
    Summary
    Security Awareness Program
    Introduction
    Key Goals of an Information Security Program
    Key Elements of a Security Program
    Security Awareness Program Goals
    Identify Current Training Needs
    Security Awareness Program Development
    Methods Used to Convey the Awareness Message
    Presentation Key Elements
    Typical Presentation Format
    When to do Awareness
    The Information Security Message
    Information Security Self-Assessment
    Video Sources
    Why Manage the Process as a Project
    Introduction
    First Things First - Identify the Sponsor
    Defining the Scope of Work
    Time Management
    Policies and Procedures Project Sample WBS
    Cost Management
    Planning for Quality
    Managing Human Resources
    Creating a Communications Plan
    Summary
    Mission Statement
    Setting the Scope
    Background on your Position
    Business Goals Versus Security Goals
    Computer Security Objectives
    Mission Statement Format
    Allocation of Information Security Responsibilities
    Mission Statement Examples
    Support for the Mission Statement
    Key Roles in Organizations
    Business Objectives
    Review
    Information Technology - Code of Practice for Information Security Management
    Scope
    Terms and Definitions
    Information Security Policy
    Organization Security
    Asset Classification and Control
    Personnel Security
    Physical and Environmental Security
    Systems Development and Maintenance
    Business Continuity Planning
    Compliance
    Review
    References

    Biography

    Thomas R. Peltier