Information Security Policies, Procedures, and Standards: A Practitioner's Reference

Information Security Policies, Procedures, and Standards: A Practitioner's Reference

By: Douglas Landoll (author)Hardback

In Stock

£42.74 RRP £44.99  You save £2.25 (5%) With FREE Saver Delivery


Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards. The author explains how and why procedures are developed and implemented rather than simply provide information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely. Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.

Create a review

About Author

Doug Landoll is an information security author, consultant, teacher, and business owner who always brings a unique mix of business strategy, technical know-how, and pragmatic approaches to current information security topics. When he is not performing risk assessments or writing policies, he is coming up with better approaches and methods and preparing for his next class or book. Mr. Landoll holds a CISSP, a computer science degree from James Madison University, and an MBA from the University of Texas, Austin. In 2013, Mr. Landoll was inducted as a Distinguished Fellow by the Information Systems Security Association (ISSA).


Introduction No Short Cuts Top-Down Security Current State of Information Security Policy Sets Effectiveness of Information Security Policy Sets Exercises Information Security Policy Basics Information Security Policy Types Exercises Information Security Policy Framework Information Security Policy Sets without Frameworks Information Security Policy Sets with Frameworks Common Information SPFs Tailoring Information SPFs Deriving a Policy Set from a Framework Exercises Information Security Policy Details Front Matter Policy Statements Specific Information Security Policies Policy Document Examples Exercises Information Security Procedures and Standards Less Formal Language and Structure Various Purposes of the Standard and Guideline Information Security Procedures Exercises Information Security Policy Projects Scoping the Project Information Security Policy Project Roles Information Security Policy Project Phases Information Security Policy Revision Project Information Security Policy Project Application Exercises Appendices Example Policies (FISMA Framework) Example Departmental Policy Tailoring Guide

Product Details

  • publication date: 15/06/2016
  • ISBN13: 9781482245899
  • Format: Hardback
  • Number Of Pages: 254
  • ID: 9781482245899
  • weight: 498
  • ISBN10: 1482245892

Delivery Information

  • Saver Delivery: Yes
  • 1st Class Delivery: Yes
  • Courier Delivery: Yes
  • Store Delivery: Yes

Prices are for internet purchases only. Prices and availability in WHSmith Stores may vary significantly