Information Security Policies and Procedures: A Practitioner's Reference

ISBN-10: 0849319587
ISBN-13: 9780849319587
Edition: 2nd 2004 (Revised)

Book details

List price: $125.95
Edition: 2nd
Copyright year: 2004
Publisher: Auerbach Publishers, Incorporated
Publication date: 6/11/2004
Binding: Hardcover
Pages: 412
Size: 6.25" wide x 9.25" long x 1.00" tall
Weight: 1.892
Language: English

The book illustrates how policies and procedures support the efficient running of an organization. This volume points out how security documents and standards are key elements in the business process, but should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies. This treatment details how security policies support management's directions. The authors emphasize how information security must be integrated into all business processes. They examine Tier 1, Tier 2, and Tier 3 policies.

Peltier has numerous years of field experience in corporate information security, and is a member of the Advisory Council of the Computer Security Institute (CSI).

Acknowledgments
About the Author
Introduction
Information Security Policies and Procedures
Introduction
Corporate Policies
Organizationwide (Tier 1) Policies
Organizationwide Policy Document
Legal Requirements
Duty of Loyalty
Duty of Care
Other Laws and Regulations
Business Requirements
Where to Begin?
Summary
Why Manage This Process as a Project?
Introduction
First Things First: Identify the Sponsor
Defining the Scope of Work
Time Management
Cost Management
Planning for Quality
Managing Human Resources
Creating a Communications Plan
Summary
Planning and Preparation
Introduction
Objectives of Policies, Standards, and Procedures
Employee Benefits
Preparation Activities
Core and Support Teams
Focus Groups
What to Look for in a Good Writer and Editor
Development Responsibilities
Other Considerations
Key Factors in Establishing the Development Cost
Reference Works
Milestones
Responsibilities
Development Checklist
Summary
Developing Policies
Policy Is the Cornerstone
Why Implement Information Security Policy?
Some Major Points for Establishing Policies
What Is a Policy?
Definitions
Policy Key Elements
Policy Format
Additional Hints
Pitfalls to Avoid
Summary
Asset Classification Policy
Introduction
Overview
Why Classify Information?
What Is Information Classification?
Where to Begin?
Resist the Urge to Add Categories
What Constitutes Confidential Information?
Employee Responsibilities
Classification Examples
Declassification or Reclassification of Information
Records Management Policy
Information Handling Standards Matrix
Information Classification Methodology
Authorization for Access
Summary
Developing Standards
Introduction
Overview
Where Do Standards Belong?
What Does a Standard Look Like?
Where Do I Get the Standards?
Sample Information Security Manual
Summary
Developing Procedures
Introduction
Overview
Important Procedure Requirements
Key Elements in Procedure Writing
Procedure Checklist
Getting Started
Procedure Styles
Procedure Development Review
Observations
Summary
Creating a Table of Contents
Introduction
Document Layout
Document Framework
Preparing a Draft Table of Contents
Sections to Consider
Summary
Understanding How to Sell Policies, Standards, and Procedures
Introduction
Believe in What You Are Doing
Return on Investment for Security Functions
Effective Communication
Keeping Management Interested in Security
Why Policies, Standards, and Procedures Are Needed
The Need for Controls
Where to Begin?
Summary
Typical Tier 1 Policies
Introduction
Tier 1 Policies
Employee Standards of Conduct
Conflict of Interest
Employment Practices
Records Management
Corporate Communications
Electronic Communications
Internet Security
Internet Usage and Responsibility Statement
Employee Discipline
General Security
Business Continuity Planning
Information Protection
Information Classification
Typical Tier 2 Policies
Introduction
Electronic Communications
Internet Security
Internet Usage and Responsibility Statement
Computer and Network Management
Anti-Virus Policy
Computer and Network Management
Personnel Security
Systems Development and Maintenance Policy
Application Access Control Policy
Data and Software Exchange Policy
Network Access Control
Network Management Policy
Information Systems' Operations Policy
Physical and Environmental Security
User Access Policy
Employment Agreement
Sample Standards Manual
Introduction
The Company Information Security Standards Manual
Table of Contents
Preface
Corporate Information Security Policy
Responsibilities
Standards
Sample Information Security Manual
The Company Information Security Policy Manual
General
What Are We Protecting?
User Responsibilities
Access Control Policy
Penalty for Security Violation
Security Incident Handling Procedures
Information Security Reference Guide
Introduction to Information Security
Definition of Information
What is Information Security?
Why Do We Need To Protect Information?
What Information Should Be Protected?
Fundamentals of Information Security
Introduction
Information Availability (Business Continuity)
Information Integrity
Information Confidentiality
Employee Responsibilities
Introduction
Owner
Custodian
User
Information Classification
Introduction
Classification Process
Reclassification
Information Handling
Introduction
Information Labeling
Information Use and Duplication
Information Storage
Information Disposal
Tools of Information Security
Introduction
Access Authorization
Access Control
Backup and Recovery
Awareness
Information Processing
General
Right to Review
Desktop Processing
Training
Physical Security
Proprietary Software--Controls and Security
Software Code of Ethics
Computer Virus Security
Office Automation
Information Security Program Administration
Introduction
Corporate Information Systems Steering Committee
Corporate Information Security Program
Organization Information Security Program
Baseline Organization Information Security Program
Introduction
Pre-Program Development
Program Development Phase
Program Implementation Phase
Program Maintenance Phase
Information Handling Procedures Matrix
Glossary
Information Identification Worksheet
Information Risk Assessment Worksheet
Summary and Controls Worksheet
Risk Assessment: Self-assessment Questionnaire
Index
