Features
- Cover Type: Hard Cover with 739 pages
- Published by: Information Shield May 1, 2005
- Written in: English
- ISBN 10 Number: 1881585131
- ISBN 13 Number: 978-1881585138
- Book Dimensions: 11.1 x 8.5 x 1.8 inches
- Weighs: 4.6 pounds
Product Description
Information Security Policies Made Easy, Version ten is the new and updated version of the best-selling policy resource by Charles Cresson Wood, CISSP, CISA, CISM. Based on the twenty-year consulting and security experience of Mr. Wood, ISPME is the most complete policy resource available. ISPME Version ten has everything you need to build a due-care security policy environment, including:

1. A complete policy library with over 1350 individual pre-written security policies, including:
- Coverage of the latest technical, legal and regulatory issues.
- ISO 17799 outline format, allowing for easy gap-analysis against existing standards and security frameworks.
- Expert commentary discussing the risks mitigated by each policy.
- Target audience (management, technical, or user) and security environment (low, medium, high) for each policy.
- Policy coverage maps for Sarbanes-Oxley (COBIT) and HIPAA security.

2. Eighteen complete pre-written security policy documents that every company should have, updated and ready to use "as is" or with easy customization, including:
- User-targeted policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy.
- Organization-wide policies such as: High-Level Security Policy, Privacy Policy, Information Ownership Policy.
- Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy.
- Sample risk acceptance memo for the approval of out-of-compliance situations, a sample non-disclosure agreement, and a user policy acceptance agreement.

3. Expert advice on the policy development and review process, including:
- A step-by-step checklist of policy development tasks to quickly start a policy development project.
- Helpful tips and tricks for getting management buy-in for information security policies and education.
- Tips and techniques for raising security policy awareness.
- Real-world examples of problems caused by missing or poor security policies.
- Policy development resources such as information security periodicals, professional associations and related security organizations.

4. All content available on an easy-to-use CD-ROM with an indexed and searchable HTML interface for easy location, featuring:
- Policies available in HTML, PDF and MS-Word format.
- Easy cut-and-paste into existing corporate documents.
- Extensive cross-references between policies that help the user quickly understand alternative solutions and complementary controls.

ISPME V10 policies cover these important security topics:
- Access Control
- Data Classification and Control
- Risk Assessments
- Password and user ID management
- Logging Controls
- Encryption and Digital Signatures
- Instant messaging, PDAs and smart phones
- Personnel Security, including Security Awareness and Training
- Data Privacy Management for employees and customers
- Corporate governance, including Sarbanes-Oxley
- Electronic mail, viruses, malicious code protection, and social engineering attacks, including phishing scams
- Preventing and responding to identity theft
- Network security, including wireless and Voice Over Internet Protocol (VOIP)
- Security, configuration, and management of firewalls
- Communication Security, including telephones and FAX machines
- Web site and e-commerce security
- Security in 3rd party contracts, including outsourcing and off-shoring of IT projects
- Document destruction, as well as retention of documents that may be used in court cases
- Incident Response and Contingency planning
- Telecommuting and mobile computing
- Honeypots and intrusion detection systems
- Effective software patch management, including Open Source software
- And many others!

Information Security Policies Made Easy, Version 10.0 policies are organized around the ISO/IEC 17799 Security Standard. All contents co
About The Author
Charles Cresson Wood, CISA, CISSP, is an author and independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at Bank of America. He has done information security work with over 120 organizations, many of them Fortune 500 companies, including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world. He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents. He has published over 225 technical articles and five books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe. Mr. Wood is Senior North American Editor for the journals "Computers & Security" and "Computer Fraud & Security Bulletin", as well as a monthly columnist for "Computer Security Alert".
He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."
Reader Reviews
I keep books in two places, a small shelf near my computer that I can reach and a large bookshelf across the room. This book deserves a place on the small shelf within arm's reach. Version ten builds on the previous work and includes ISO 17799 outline format, policy coverage maps for Sarbanes-Oxley and coverage of the latest issues (technical, legal and regulatory). I particularly appreciate the section on policy awareness. This is one of the biggest problems you run into. If you are a manager, before you ever make a decision or approve a policy, look the topic up; there is a good chance you will see something you didn't think of. Let me give you an example: our company used to have a fairly long Non-Disclosure Agreement (NDA) prepared by our attorney for a specific purpose. However, we decided to create a simpler, general-purpose NDA for all 1099 contractors. The lawyer created it, and before I approved it I checked it against the book. I found three items that really should have been in our NDA that we would have missed. Thank you, Mr. Wood! If you are a techie, do you need this book? Sure, because everything we do as a techie or engineer has liability implications for the company. Each topic is very clear, concise, and well thought out. It takes a few seconds to look it up, about two minutes to read the section, and that investment is well worth your time. Yes, this is an expensive book; however, it is worth the investment. Every organization should have at least one copy. S.