Information Security Policies and Procedures: A Practitioner's Reference (2nd Revised edition)

Information Security Policies and Procedures: A Practitioner's Reference (2nd Revised edition)

By: Thomas R. Peltier (author)Hardback

More than 4 weeks availability


Information Security Policies and Procedures: A Practitioner's Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how security documents and standards are key elements in the business process that should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies. The book emphasizes how information security must be integrated into all aspects of the business process. It examines the 12 enterprise-wide (Tier 1) policies, and maps information security requirements to each. The text also discusses the need for top-specific (Tier 2) policies and application-specific (Tier 3) policies and details how they map with standards and procedures. It may be tempting to download some organization's policies from the Internet, but Peltier cautions against that approach. Instead, he investigates how best to use examples of policies, standards, and procedures toward the achievement of goals. He analyzes the influx of national and international standards, and outlines how to effectively use them to meet the needs of your business.

Create a review


INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Standards, and Procedures Employee Benefits Preparation Activities Core and Support Teams Focus Groups What to Look for in a Good Writer and Editor Development Responsibilities Other Considerations Key Factors in Establishing the Development Cost Reference Works Milestones Responsibilities Development Checklist Summary Developing Policies Policy Is the Cornerstone Why Implement Information Security Policy? Some Major Points for Establishing Policies What Is a Policy? Definitions Policy Key Elements Policy Format Additional Hints Pitfalls to Avoid Summary Asset Classification Policy Introduction Overview Why Classify Information? What Is Information Classification? Where to Begin? Resist the Urge to Add Categories What Constitutes Confidential Information? Employee Responsibilities Classification Examples Declassification or Reclassification of Information Records Management Policy Information Handling Standards Matrix Information Classification Methodology Authorization for Access Summary Developing Standards Introduction Overview Where Do Standards Belong? What Does a Standard Look Like? Where Do I Get the Standards? Sample Information Security Manual Summary Developing Procedures Introduction Overview Important Procedure Requirements Key Elements in Procedure Writing Procedure Checklist Getting Started Procedure Styles Procedure Development Review Observations Summary Creating a Table of Contents Introduction Document Layout Document Framework Preparing a Draft Table of Contents Sections to Consider Summary Understanding How to Sell Policies, Standards, and Procedures Introduction Believe in What You Are Doing Return on Investment for Security Functions Effective Communication Keeping Management Interested in Security Why Policies, Standards, and Procedures Are Needed The Need for Controls Where to Begin? Summary Appendix 1A Typical Tier 1 Policies Introduction Tier 1 Policies Employee Standards of Conduct Conflict of Interest Employment Practices Records Management Corporate Communications Electronic Communications Internet Security Internet Usage and Responsibility Statement Employee Discipline General Security Business Continuity Planning Information Protection Information Classification Appendix 1B Typical Tier 2 Policies Introduction Electronic Communications Internet Security Internet Usage and Responsibility Statement Computer and Network Management Anti-Virus Policy Computer and Network Management Personnel Security Systems Development and Maintenance Policy Application Access Control Policy Data and Software Exchange Policy Network Access Control Network Management Policy Information Systems' Operations Policy Physical and Environmental Security User Access Policy Employment Agreement Appendix 1C Sample Standards Manual Introduction The Company Information Security Standards Manual Table of Contents Preface Corporate Information Security Policy Responsibilities Standards Appendix 1D Sample Information Security Manual The Company Information Security Policy Manual General What Are We Protecting? User Responsibilities Access Control Policy Penalty for Security Violation Security Incident Handling Procedures Virus and Worm Incidents Malicious Hacker Incidents INFORMATION SECURITY REFERENCE GUIDE Introduction to Information Security Definition of Information What is Information Security? Why Do We Need To Protect Information? What Information Should Be Protected? Fundamentals of Information Security Introduction Information Availability (Business Continuity) Information Integrity Information Confidentiality Employee Responsibilities Introduction Owner Custodian User Information Classification Introduction Classification Process Reclassification Information Handling Introduction Information Labeling Information Use and Duplication Information Storage Information Disposal Tools of Information Security Introduction Access Authorization Access Control Backup and Recovery Awareness Information Processing General Right to Review Desktop Processing Training Physical Security Proprietary Software - Controls and Security Software Code of Ethics Computer Virus Security Office Automation Information Security Program Administration Introduction Corporate Information Systems Steering Committee Corporate Information Security Program Organization Information Security Program Baseline Organization Information Security Program Introduction Pre-Program Development Program Development Phase Program Implementation Phase Program Maintenance Phase Appendix 2A Information Handling Procedures Matrix Glossary Information Identification Worksheet Information Risk Assessment Worksheet Summary and Controls Worksheet Risk Assessment: Self-assessment Questionnaire

Product Details

  • publication date: 11/06/2004
  • ISBN13: 9780849319587
  • Format: Hardback
  • Number Of Pages: 412
  • ID: 9780849319587
  • weight: 725
  • ISBN10: 0849319587
  • edition: 2nd Revised edition

Delivery Information

  • Saver Delivery: Yes
  • 1st Class Delivery: Yes
  • Courier Delivery: Yes
  • Store Delivery: Yes

Prices are for internet purchases only. Prices and availability in WHSmith Stores may vary significantly