 Ready to use information security policies that will save you time and money !
Information Security Policies Made Easy is the definitive resource tool for information security policies. Version 10 now includes an updated collection of 1360 + security policies and templates covering virtually every aspect of corporate security. Organised in ISO 17799 format and a web based CD-ROM version which is fully linked and searchable. Take the work out of creating, writing and implementing policies.Used by over 70% of the Fortune 100, Information Security Policies Made Easy is written by security policy expert and consultant Charles Cresson Wood, CISA, CISSP, who has over 20 years writing and implementing security policies for companies worldwide.
Information Security Policies Made Easy is literally an all-in-one security policy resource with templates, advice and instructions to help you generate practical, clear, and compelling information security policies for your organisation - whether your organisation is large or small.
This tool will save hours of time and thousands of dollars
developing information security and privacy policies.
Security policy samples are provided in print and CD form so they can be quickly and easily customised for any organisation using Microsoft Word or any well-known word processing program
Ready-to-use information security documents such as:
- 1360 + already-written information security policies accompanied by explanations and expert advice for each
- Policies organised based on the ISO 17799 outline
- Security policy samples are provided in print and on CD-ROM, with a web based application providing a fully linked and searchable version of the content, allowing users to quickly cut and paste policies into their own corporate documents.
- Ready-to-use information security documents such as: a risk acceptance memo for the approval of out of compliance situations, a non-disclosure agreement, and a user policy acceptance agreement
- Policies regarding the latest corporate security topics such as contingency planning with regards to terrorist attacks , reporting security incidents, network controls, Internet commerce privacy, and identity theft
- Security policies that incorporate the latest security technology such as macroviruses, digital certificates, encryption public key infrastructure (PKI), intrusion detection systems, data replication, spam (junk email), and data mining
- A step-by-step checklist of policy development tasks so that you can start immediately to get a policy development project underway
- Extensive cross-references between policies that help the user quickly understand alternative solutions and complimentary controls
What's new in Version 10.0?
The new Version 10 of Information Security Policies Made Easy now offers 1360 + security policy templates including new policies to address key corporate security issues such as:
- European government legislation such as the European Union Data Protection Directive
- Digital signatures, digital certificates, and Public Key Infrastructure (PKI)
- Recent security threats and attacks such as web bugs and viruses
- Contingency planning and reporting of security incidents related to terrorism
- Internet business usage, extranets, EDI over the Internet, e-commerce site protection, and Internet credit card fraud prevention/detection
- The establishment, maintenance, and modification of firewalls and other network perimeter security devices
- Dial-up communications security including connections made from wireless, mobile computers
- Operational systems management regarding intranets and internal systems interconnection
- Enterprise security management systems and consolidation of access control
- Social engineering and masquerading
Also new in Information Security Policies Made Easy Version 10:
- Policies organisation based on the ISO 17799 outline
- A graphic overview of the policy development process
- 18 security policies that every company should have, updated and ready to use "as is"
Information Security Policies Made Easy Version 10.0 covers virtually every aspect of corporate information security including:
|
|
|
|
|
- Outsourcing security functions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We are proud of outstanding reviews like these:
"Charles Cresson Wood...is an expert's expert, and knows more about computer security policies than anyone I know."
-- Michael Alexander, Editor, Datamation
"This book is invaluable to those responsible for creating or maintaining an information security policy manual or similar documents."
-- Belden Menkus, Editor, EDPACS
"It gave us everything we needed to help us write standards and communicate [policies] in a clear, concise manner with no ambiguity or technical jargon ... the book paid for itself in two weeks."
--Jonah Goldsmith, Data Security Consultant to Large Medical Insurance Company, LAN Times
"If I could have only six books in my professional library, this would be one of them."
-- Dr. Harold Highland, Editor, Emeritus of Computers & Security magazine
"The [ISPME] guidelines have saved three months of manual effort that would have been required
to research and write policies."
-- Douglas Feil, EDP Audit Manager, City & County of San Francisco, Network Management Systems & Strategies
Take a look at who uses ISPME:
National Australia Bank
BHP Billiton
Integral Energy
Aurora Energy
Department of Corrective Services
Griffiths University
Flinders University
Southern Cross University
Harvard University
Ford Motor Company
Reuters
Australian Government Solicitor
City Council of Kingston, Victoria
Country Fire Authority, Victoria
AT&T
Blue Cross/Blue Shield
NIB Health
Hewlett Packard
Hyundai Electronics
Sumitomo Bank
Sun Microsystems
Johnson & Johnson
British Airways
Glaxo Wellcome
Citibank
Pfizer
DHL Express International
World Bank
Price Waterhouse Coopers
Ernst & Young
Proctor & Gamble
... and many others.
|
|
|
 This is a must have tool for anyone who is responsible for managing information security in an organisation !
This reference book provides practical advice on how to get management to pay more attention to information security and allocate realistic budgets for information security staffing. The book will help you quantify and generate more respect for the information security function within a company by pointing out ways that an information security team adds value to a business.
"It includes 40 different job descriptions, 24 organisational mission statements, 15 alternative reporting relationships, and the most comprehensive set of already-written information security roles & responsibilities documents available anywhere."
Top management in many organisations believe that information security work is done only by the Information Security Department. This old-fashioned view prevents organisations from establishing the type of team that they need to come to terms with complex and pervasive information security issues.
This book recognises the current environment where sensitive, valuable, and critical information is distributed not only to end-users, but these days to contractors, consultants, temporaries, outsourcing firms, business partners, and others. All of these participants have an important role to play in the safeguarding of such information. An essential prerequisite to achieving a workable team for information security is the clarification of roles and responsibilities through job descriptions, departmental mission statements, legal contracts, and other organisational design documents.
Information Security Roles and Responsibilities has been written by security policy consultant and guru, Charles Cresson Wood, CISA, CISSP, who has had over 20 years of experience writing and implementing information security roles and responsibility statements for companies worldwide.
This book can be used effectively by anyone that needs to develop, refine, or otherwise specify information security organisational design documents, no matter what their prior experience in the information security field.
Providing never before available "best practices," this book will help you develop, refine, and gain management approval of the information security function in an organisation.
It includes a hardcopy book, CD-ROM, and an organisation-wide license to republish the materials.
Provides:
- Everything needed to quickly compile essential information security organisational design documents
- Cut-and-paste ready-to-go words from professionally-written material, with a license to republish these same words within the licensed organisation
- A practical step-by-step process for developing, editing, publishing, and obtaining management approval for organisational design documents
- Substantive justifications reflecting the standard of due care that can be used to justify increases in the information security staffing budget
- Organisations with the ability to quickly develop new organisational design infrastructures needed to securely support a wide variety of new information technology initiatives such as Internet commerce
- Standard practices that have been shown to be effective at over 125 organisations around the world
|
|
|
ooooooooooo
