Information Security Policies and Procedures : A Practitioner's Reference, Second Edition - Thomas R. Peltier

Information Security Policies and Procedures

A Practitioner's Reference, Second Edition


Information Security Policies and Procedures: A Practitioner's Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how security documents and standards are key elements in the business process that should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies.

The book emphasizes how information security must be integrated into all aspects of the business process. It examines the 12 enterprise-wide (Tier 1) policies, and maps information security requirements to each. The text also discusses the need for topic-specific (Tier 2) policies and application-specific (Tier 3) policies and details how they map to standards and procedures.

It may be tempting to download some organization's policies from the Internet, but Peltier cautions against that approach. Instead, he investigates how best to use examples of policies, standards, and procedures toward the achievement of goals. He analyzes the influx of national and international standards, and outlines how to effectively use them to meet the needs of your business.

Industry Reviews

The path to information security is a long one, but in this book author Thomas Peltier makes the scenery attractive along the way. Peltier walks the reader through [the text] with clarity, completeness, and humor.

Acknowledgments (p. xix)
About the Author (p. xxi)
Introduction (p. xxiii)
Information Security Policies and Procedures
Introduction (p. 3)
Corporate Policies (p. 4)
Organizationwide (Tier 1) Policies (p. 4)
Organizationwide Policy Document (p. 8)
Legal Requirements (p. 10)
Duty of Loyalty (p. 11)
Duty of Care (p. 11)
Other Laws and Regulations (p. 12)
Business Requirements (p. 13)
Where to Begin? (p. 14)
Summary (p. 15)
Why Manage This Process as a Project? (p. 17)
Introduction (p. 17)
First Things First: Identify the Sponsor (p. 18)
Defining the Scope of Work (p. 19)
Time Management (p. 21)
Cost Management (p. 25)
Planning for Quality (p. 26)
Managing Human Resources (p. 27)
Creating a Communications Plan (p. 27)
Summary (p. 28)
Planning and Preparation (p. 31)
Introduction (p. 31)
Objectives of Policies, Standards, and Procedures (p. 31)
Employee Benefits (p. 33)
Preparation Activities (p. 34)
Core and Support Teams (p. 34)
Focus Groups (p. 36)
What to Look for in a Good Writer and Editor (p. 36)
Development Responsibilities (p. 37)
Other Considerations (p. 38)
Key Factors in Establishing the Development Cost (p. 38)
Reference Works (p. 41)
Milestones (p. 41)
Responsibilities (p. 43)
Development Checklist (p. 43)
Summary (p. 44)
Developing Policies (p. 47)
Policy Is the Cornerstone (p. 47)
Why Implement Information Security Policy? (p. 47)
Some Major Points for Establishing Policies (p. 48)
What Is a Policy? (p. 48)
Definitions (p. 49)
Policy Key Elements (p. 50)
Policy Format (p. 55)
Additional Hints (p. 77)
Pitfalls to Avoid (p. 78)
Summary (p. 79)
Asset Classification Policy (p. 81)
Introduction (p. 81)
Overview (p. 81)
Why Classify Information? (p. 82)
What Is Information Classification? (p. 83)
Where to Begin? (p. 84)
Resist the Urge to Add Categories (p. 87)
What Constitutes Confidential Information? (p. 88)
Employee Responsibilities (p. 91)
Classification Examples (p. 95)
Declassification or Reclassification of Information (p. 97)
Records Management Policy (p. 101)
Information Handling Standards Matrix (p. 102)
Information Classification Methodology (p. 102)
Authorization for Access (p. 108)
Summary (p. 111)
Developing Standards (p. 113)
Introduction (p. 113)
Overview (p. 114)
Where Do Standards Belong? (p. 114)
What Does a Standard Look Like? (p. 116)
Where Do I Get the Standards? (p. 118)
Sample Information Security Manual (p. 118)
Summary (p. 139)
Developing Procedures (p. 141)
Introduction (p. 141)
Overview (p. 141)
Important Procedure Requirements (p. 142)
Key Elements in Procedure Writing (p. 146)
Procedure Checklist (p. 146)
Getting Started (p. 147)
Procedure Styles (p. 148)
Procedure Development Review (p. 158)
Observations (p. 158)
Summary (p. 162)
Creating a Table of Contents (p. 165)
Introduction (p. 165)
Document Layout (p. 166)
Document Framework (p. 166)
Preparing a Draft Table of Contents (p. 168)
Sections to Consider (p. 172)
Summary (p. 177)
Understanding How to Sell Policies, Standards, and Procedures (p. 179)
Introduction (p. 179)
Believe in What You Are Doing (p. 179)
Return on Investment for Security Functions (p. 180)
Effective Communication (p. 181)
Keeping Management Interested in Security (p. 183)
Why Policies, Standards, and Procedures Are Needed (p. 189)
The Need for Controls (p. 192)
Where to Begin? (p. 195)
Summary (p. 196)
Typical Tier 1 Policies (p. 199)
Introduction (p. 199)
Tier 1 Policies (p. 200)
Employee Standards of Conduct (p. 201)
Conflict of Interest (p. 203)
Employment Practices (p. 206)
Records Management (p. 207)
Corporate Communications (p. 210)
Electronic Communications (p. 210)
Internet Security (p. 211)
Internet Usage and Responsibility Statement (p. 212)
Employee Discipline (p. 212)
General Security (p. 214)
Business Continuity Planning (p. 215)
Information Protection (p. 216)
Information Classification (p. 216)
Typical Tier 2 Policies (p. 221)
Introduction (p. 221)
Electronic Communications (p. 222)
Internet Security (p. 223)
Internet Usage and Responsibility Statement (p. 224)
Computer and Network Management (p. 224)
Anti-Virus Policy (p. 227)
Computer and Network Management (p. 227)
Personnel Security (p. 230)
Systems Development and Maintenance Policy (p. 231)
Application Access Control Policy (p. 233)
Data and Software Exchange Policy (p. 234)
Network Access Control (p. 235)
Network Management Policy (p. 236)
Information Systems' Operations Policy (p. 237)
Physical and Environmental Security (p. 238)
User Access Policy (p. 239)
Employment Agreement (p. 240)
Sample Standards Manual (p. 243)
Introduction (p. 243)
The Company Information Security Standards Manual (p. 243)
Table of Contents (p. 243)
Preface (p. 245)
Corporate Information Security Policy (p. 246)
Responsibilities (p. 247)
Standards (p. 250)
Sample Information Security Manual (p. 269)
The Company Information Security Policy Manual (p. 269)
General (p. 269)
What Are We Protecting? (p. 270)
User Responsibilities (p. 274)
Access Control Policy (p. 276)
Penalty for Security Violation (p. 281)
Security Incident Handling Procedures (p. 281)
Information Security Reference Guide
Introduction to Information Security (p. 287)
Definition of Information (p. 287)
What Is Information Security? (p. 287)
Why Do We Need to Protect Information? (p. 287)
What Information Should Be Protected? (p. 290)
Fundamentals of Information Security (p. 291)
Introduction (p. 291)
Information Availability (Business Continuity) (p. 291)
Information Integrity (p. 293)
Information Confidentiality (p. 294)
Employee Responsibilities (p. 297)
Introduction (p. 297)
Owner (p. 297)
Custodian (p. 299)
User (p. 299)
Information Classification (p. 301)
Introduction (p. 301)
Classification Process (p. 304)
Reclassification (p. 305)
Information Handling (p. 307)
Introduction (p. 307)
Information Labeling (p. 307)
Information Use and Duplication (p. 308)
Information Storage (p. 308)
Information Disposal (p. 309)
Tools of Information Security (p. 311)
Introduction (p. 311)
Access Authorization (p. 311)
Access Control (p. 312)
Backup and Recovery (p. 313)
Awareness (p. 314)
Information Processing (p. 315)
General (p. 315)
Right to Review (p. 315)
Desktop Processing (p. 316)
Training (p. 316)
Physical Security (p. 317)
Proprietary Software: Controls and Security (p. 317)
Software Code of Ethics (p. 318)
Computer Virus Security (p. 318)
Office Automation (p. 319)
Information Security Program Administration (p. 325)
Introduction (p. 325)
Corporate Information Systems Steering Committee (p. 325)
Corporate Information Security Program (p. 325)
Organization Information Security Program (p. 326)
Baseline Organization Information Security Program (p. 329)
Introduction (p. 329)
Pre-Program Development (p. 329)
Program Development Phase (p. 332)
Program Implementation Phase (p. 350)
Program Maintenance Phase (p. 352)
(p. 359)
Information Handling Procedures Matrix (p. 359)
Glossary (p. 362)
Information Identification Worksheet (p. 364)
Information Risk Assessment Worksheet (p. 365)
Summary and Controls Worksheet (p. 366)
Risk Assessment: Self-Assessment Questionnaire (p. 367)
Index (p. 373)
Table of Contents provided by Rittenhouse. All Rights Reserved.

ISBN: 9780849319587
ISBN-10: 0849319587
Audience: Professional
Format: Hardcover
Language: English
Number Of Pages: 412
Published: 11th June 2004
Country of Publication: GB
Dimensions (cm): 23.5 x 15.88 x 2.54
Weight (kg): 0.7
Edition Number: 2
Edition Type: New edition