Information Security Policies, Procedures, and Standards Guidelines for Effective Information Security Management

ISBN-10: 0849311373

ISBN-13: 9780849311376

Edition: 2001

Authors: Thomas R. Peltier

List price: $120.00
Description:

Providing the mechanics for policy, procedure, and standards development, Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management shows the reader what to look for when developing an enterprise's procedures. It examines the recommended industry standards and shows how to customize them to fit specific needs. Three major sections cover: writing policies, writing procedures, and writing standards. Each section can be used separately when needed, or as a whole to develop a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of the relevant BS 7799 and ISO…    
Book details

List price: $120.00
Copyright year: 2001
Publisher: Auerbach Publishers, Incorporated
Publication date: 12/20/2001
Binding: Paperback
Pages: 312
Size: 7.09" wide x 9.84" long x 0.79" tall
Weight: 1.430

Peltier has numerous years of field experience in corporate information security, and is a member of the Advisory Council of the Computer Security Institute (CSI).

Acknowledgments
Introduction
Overview: Information Protection Fundamentals
Elements of Information Protection
More Than Just Computer Security
Roles and Responsibilities
Common Threats
Policies and Procedures
Risk Management
Typical Information Protection Program
Summary
Writing Mechanics and the Message
Attention Spans
Key Concepts
Topic Sentence and Thesis Statement
The Message
Writing Don'ts
Summary
Policy Development
Policy Definitions
Frequently Asked Questions
Policies Are Not Enough: A Preliminary Look at Standards, Guidelines, and Procedures
Policy, Standards, Guidelines, and Procedures: Definitions and Examples
Policy Key Elements
Policy Format and Basic Policy Components
Policy Content Considerations
Program Policy Examples
Topic-Specific Policy Examples
Additional Hints
Topic-Specific Policy Subjects to Consider
An Approach for Success
Additional Examples
Summary
Mission Statement
Background on Your Position
Business Goals versus Security Goals
Computer Security Objectives
Mission Statement Format
Allocation of Information Security Responsibilities (ISO 17799-4.1.3)
Mission Statement Examples
Support for the Mission Statement
Key Roles in Organizations
Business Objectives
Review
Standards
Where Does a Standard Go?
What Is a Standard?
International Standards
Summary
Writing Procedures
Definitions
Writing Commandments
Key Elements in Procedure Writing
Procedure Checklist
Getting Started
Procedure Styles
Creating a Procedure
Summary
Information Classification
Introduction
Why Classify Information
What Is Information Classification?
Establish a Team
Developing the Policy
Resist the Urge to Add Categories
What Constitutes Confidential Information
Classification Examples
Declassification or Reclassification of Information
Information Classification Methodology
Authorization for Access
Summary
Security Awareness Program
Key Goals of an Information Security Program
Key Elements of a Security Program
Security Awareness Program Goals
Identify Current Training Needs
Security Awareness Program Development
Methods Used to Convey the Awareness Message
Presentation Key Elements
Typical Presentation Format
When to Do Awareness
The Information Security Message
Information Security Self-Assessment
Conclusion
Why Manage This Process as a Project?
First Things First--Identify the Sponsor
Defining the Scope of Work
Time Management
Cost Management
Planning for Quality
Managing Human Resources
Creating a Communications Plan
Summary
Information Technology: Code of Practice for Information Security Management
Scope
Terms and Definitions
Information Security Policy
Organization Security
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Communications and Operations Management
Access Control Policy
Systems Development and Maintenance
Business Continuity Planning
Compliance
Review
Appendices
Policy Baseline Checklist
Policy Baseline
Sample Corporate Policies
Conflict of Interest
Employee Standards of Conduct
External Corporate Communications
Information Protection
General Security
List of Acronyms
Sample Security Policies
Network Security Policy
Business Continuity Planning
Dial-In Access
Access Control
Communications Security Policy
Software Development Policy
System and Network Security Policy
Electronic Communication Policy
Sign-On Banner
Standards of Conduct for Electronic Communications
E-Mail Access Policy
Internet E-Mail
Software Usage
Job Descriptions
Chief Information Officer (CIO)
Information Security Manager
Security Administrator
Firewall Administrator, Information Security
Security Assessment
Security Policy
Organizational Suitability
Physical Security
Business Impact Analysis, Continuity Planning Processes
Technical Safeguards
Telecommunications Security
References
About the Author
Index