Writing Information Security Policies (Landmark)
by Scott Barman
Sales Rank: 144783
Discount: 27 %
$34.99
At Amazon

Paperback: 240 pages
Publisher: Sams (November 12, 2001)
Language: English
ISBN-10: 157870264X
ISBN-13: 978-1578702640
Product Dimensions: 9 x 7.1 x 0.5 inches
Shipping Weight: 13.3 ounces
Book Description
Administrators, more technically savvy than their managers, have started to secure the networks in a way they see as appropriate. When management catches up to the notion that security is important, system administrators have already altered the goals and business practices. Although they may be grateful to these people for keeping the network secure, their efforts do not account for all assets and business requirements.

Finally, someone decides it is time to write a security policy. Management is told of the necessity of the policy document, and they support its development. A manager or administrator is assigned to the task and told to come up with something, and fast!

Once security policies are written, they must be treated as living documents. As technology and business requirements change, the policy must be updated to reflect the new environment--at least one review per year. Additionally, policies must include provisions for security awareness and enforcement while not impeding corporate goals. This book serves as a guide to writing and maintaining these all-important security policies.
Customer Reviews & Comments
What makes this book an important addition to the IT security body of knowledge is that it makes a case for, and shows how to, create and implement IT security policies in small-to-medium enterprises. The book itself is a short, somewhat superficial, treatment of IT security policies. It has strengths and weaknesses:

STRENGTHS: It makes a compelling business case for having IT security policies, then leads you through the creation of the more common ones. This material is augmented by the book's accompanying web site that provides all of the sample policies in Appendix C in HTML format (most modern word processing programs, such as MS Word, can convert this to their native format without losing any of the embedded styles). Note that the URL given in the book has changed, but it is still active and automatically redirects you to the new URL. In addition, the book touches on important topics that you may not think of if you're attempting to develop policies on your own. For example, intellectual property rights, law enforcement issues and forensics. These are touched upon, but will raise your awareness of their importance.

WEAKNESSES: The actual development and maintenance of policies is almost an afterthought. Moreover, I thought that a structured approach to threat and vulnerability assessments should have been covered (to be fair, the author discusses major threats on practically every page). I also felt that the policies should have been linked to processes, which is the hallmark of a well written policy, and the importance of clearly defining roles and responsibilities should have been highlighted. I recommend that readers also get a copy of Steve Page's "Achieving 100% Compliance of Policies and Procedures" (ISBN 1929065493) to supplement this book. Page's book is focused solely on policies and procedures development, and will fill in the gaps left in this book.
Overall, this book deserves recognition for raising awareness of the importance of IT security policies to small companies. It also deserves credit for sticking to the fundamentals (cited weaknesses notwithstanding), without overwhelming small enterprise IT professionals who are probably wearing many hats besides IT security. For that audience this book shows the way, and earns my praise.