| | |  | Computer Security | Home » » Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management | | | | | | | Product Promotions: | | | | | Description: | | By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.
Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799.
Peltier provides you with the tools you need to develop policies, procedures, and standards. He demonstrates the importance of a clear, concise, and well-written security program. His examination of recommended industry best practices illustrates how they can be customized to fit any organization's needs. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management helps you create and implement information security procedures that will improve every aspect of your enterprise's activities. | | | Product Details: | | | Author:
| Thomas R. Peltier | | Paperback:
| 312 pages | | Publisher:
| Auerbach Publications | | Publication Date:
| December 20, 2001 | | Language:
| English | | ISBN:
| 0849311373 | | Product Width:
| 173.0 centimeters | | Product Height:
| 250.5 centimeters | | Product Weight:
| 1.45 pounds | | Package Length:
| 9.8 inches | | Package Width:
| 7.0 inches | | Package Height:
| 0.9 inches | | Package Weight:
| 1.35 pounds | | Average Customer Rating:
|  based on 5 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 5 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
32 of 33 found the following review helpful:
Good book for Infosec ManagementApr 10, 2002
By Nasir Farhat Khan
If you want to find out the relation between Policies, Procedures and Standards buy this book. Although the flow of text is somewhat discontinuous but the author clearly explains the underlying concepts. The examples are very illustrative and have a real world feel. The author has been on the frontlines (clearly evident throughout the text) and this distinguishes the book from rest in the pack. Very few books talk about ISO 17799 and BS7799 in detail. This book goes beyond just reproducing the standard and explains the positioning of such guidelines. The tables and checklists found in the appendices alone are worth many times the cost of the book.
12 of 12 found the following review helpful:
 Good, but should have been editedFeb 23, 2005
By G. Haygood Jr.
I just started developing InfoSec policies for my company, and was having a hard time getting started. The Web is filled with sample documents and articles for specific documents, but I needed a resource that assumed I was starting from scratch and would help me build up a good library of content to satisfy our auditors.
So I was a little excited to stumble across this book. It lays a good foundation for what's needed in a security policy library, and steps through the development of the major document types: policies, procedures, standards, and guidelines. It's filled with lots of samples, checklists, templates, and other starting points for everything I was looking for.
One glaring problem, though, which by itself drops the rating 1-2 stars: there is an embarrasingly high number of grammar, syntax, and occassionally even semantic, mistakes. Even though these kind of problems are one of my biggest pet peeves, I might overlook them ... except the author makes multiple statements about proofreading your work before submitting to management!! It seems pretty clear that the book was rushed to publication without a serious round of review (I wonder if I put more editorial time into this review than they did into the book...). Even though the book was written for techno-types, there is no excuse for such egregious errors.
Overall, though, this is a decent resource to help with infosec policy development. Just make sure it's not the only book you use. If they would issue an update, this would become a valuable addition to your library. However, the edition I purchased in Feb 2005 was released in 2002, so I wouldn't expect any updates soon.
7 of 7 found the following review helpful:
Excellent practical guidebookJun 19, 2004
By Dr. G. Hinson
"Gary"
This is the best book I've seen (so far!) about writing infosec policies and associated materials. Tom Peltier refers directly to the ISO 17799 structure and gives helpful advice on what to include under the ten sections. More than that, he guides the reader through the *process* of writing and implementing policies, even including a brief chapter on my own specialism, security awareness, and suggestions on writing style.My main quibble with the book is its inconsistency in the level of detail e.g. 41 of the 191 main text pages are devoted to information classification. There are perhaps too many lists and tables for my liking, but these may be useful as reminders of things to include. Overall, the book is helpful if you are about to write infosec policies and want to avoid some of the more common pitfalls.
 This book is truly a treasure of knowledge.Nov 19, 2006
Information security policies and all of in this book. This is a great advice for business to start, continue, follow on their journey. Thomas has captured the essence of what the business of all levels want to know when it comes to developing IT policies and systems. This book is must read for all of business executive.
1 of 7 found the following review helpful:
Really goodNov 25, 2004
By Eric Kent
Really good for anyone doing infosec policy dev.
this will save you a ton of time.
| | |
|
