Information Security Policies and Procedures

"Information Security Policies and Procedures: A Practitioner's Reference, Second Edition" illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how security documents and standards are key elements in the business process that should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies.The book emphasizes how information security must be integrated into all aspects of the business process. It examines the 12 enterprise-wide (Tier 1) policies, and maps information security requirements to each. The text also discusses the need for top-specific (Tier 2) policies and application-specific (Tier 3) policies and details how they map with standards and procedures. It may be tempting to download some organization's policies from the Internet, but Peltier cautions against that approach. Instead, he investigates how best to use examples of policies, standards, and procedures toward the achievement of goals. He analyzes the influx of national and international standards, and outlines how to effectively use them to meet the needs of your business.

(Bookdata)

Bli först med att recensera och betygsätt boken Information Security Policies and Procedures - du kan vinna 200 kr varje månad i tävlingen "Månadens recension".

The path to information security is a long one, but in this book author Thomas Peltier makes the scenery attractive along the way. Peltier walks the reader through [the text] with clarity, completeness, and humor.

(Bookdata)

INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Standards, and Procedures Employee Benefits Preparation Activities Core and Support Teams Focus Groups What to Look for in a Good Writer and Editor Development Responsibilities Other Considerations Key Factors in Establishing the Development Cost Reference Works Milestones Responsibilities Development Checklist Summary Developing Policies Policy Is the Cornerstone Why Implement Information Security Policy? Some Major Points for Establishing Policies What Is a Policy? Definitions Policy Key Elements Policy Format Additional Hints Pitfalls to Avoid Summary Asset Classification Policy Introduction Overview Why Classify Information? What Is Information Classification? Where to Begin? Resist the Urge to Add Categories What Constitutes Confidential Information? Employee Responsibilities Classification Examples Declassification or Reclassification of Information Records Management Policy Information Handling Standards Matrix Information Classification Methodology Authorization for Access Summary Developing Standards Introduction Overview Where Do Standards Belong? What Does a Standard Look Like? Where Do I Get the Standards? Sample Information Security Manual Summary Developing Procedures Introduction Overview Important Procedure Requirements Key Elements in Procedure Writing Procedure Checklist Getting Started Procedure Styles Procedure Development Review Observations Summary Creating a Table of Contents Introduction Document Layout Document Framework Preparing a Draft Table of Contents Sections to Consider Summary Understanding How to Sell Policies, Standards, and Procedures Introduction Believe in What You Are Doing Return on Investment for Security Functions Effective Communication Keeping Management Interested in Security Why Policies, Standards, and Procedures Are Needed The Need for Controls Where to Begin? Summary Appendix 1A Typical Tier 1 Policies Introduction Tier 1 Policies Employee Standards of Conduct Conflict of Interest Employment Practices Records Management Corporate Communications Electronic Communications Internet Security Internet Usage and Responsibility Statement Employee Discipline General Security Business Continuity Planning Information Protection Information Classification Appendix 1B Typical Tier 2 Policies Introduction Electronic Communications Internet Security Internet Usage and Responsibility Statement Computer and Network Management Anti-Virus Policy Computer and Network Management Personnel Security Systems Development and Maintenance Policy Application Access Control Policy Data and Software Exchange Policy Network Access Control Network Management Policy Information Systems' Operations Policy Physical and Environmental Security User Access Policy Employment Agreement Appendix 1C Sample Standards Manual Introduction The Company Information Security Standards Manual Table of Contents Preface Corporate Information Security Policy Responsibilities Standards Appendix 1D Sample Information Security Manual The Company Information Security Policy Manual General What Are We Protecting? User Responsibili

(Bookdata)