Information Security Policies, Procedures, and Standards

By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799.Peltier provides you with the tools you need to develop policies, procedures, and standards. He demonstrates the importance of a clear, concise, and well-written security program. His examination of recommended industry best practices illustrates how they can be customized to fit any organization's needs. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management helps you create and implement information security procedures that will improve every aspect of your enterprise's activities.

Contents

Acknowledgments xi
Introduction xiii

1 Overview: Information Protection Fundamentals 1
2 Writing Mechanics and the Message 13
3 Policy Development 21
4 Mission Statement 53
5 Standards 69
6 Writing Procedures 83
7 Information Classification 107
8 Security Awareness Program 149
9 Why Manage This Process as a Project? 161
10 Information Technology: Code of Practice for Information Security Management 175
11 Review 187

Appendices
Appendix A Policy Baseline Checklist 195
Appendix B Sample Corporate Policies 205
Appendix C List of Acronyms 215
Appendix D Sample Security Policies 225
Appendix E Job Descriptions 255
Appendix F Security Assessment 261
Appendix G References 285

About the Author 287
Index