Information Security Policies Made Easy is the “gold standard” information security policy template library, with over 1500 pre-written information security policies covering over 200 security topics. Based on the 25 years of consulting experience of Charles Cresson Wood, CISSP, CISA, it is the most widely used policy library in the world, with over 10,000 customers in 60 countries. Take the work out of creating, writing, and implementing security policies.

Information Security Roles and Responsibilities Made Easy, by security expert Charles Cresson Wood, provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize for your own organization.
Save $195 by purchasing both together: $1,095.00 for both, $1,290.00 separately.
Information Security Policies Made Easy has everything you need to build a robust security policy program, including:
Thirty-eight (38) essential sample security policy documents:
- Complete coverage of essential security topics including: Access Control Policy, Network Security Policy, Personnel Security, Information Classification, Physical Security, Acceptable Use of Assets, and many more.
- All sample policies in our MS-Word Best Practices Policy Template. Customized in minutes!
Complete 1500+ information security policy statement library
- 1500 individual pre-written security policies covering the latest technical, legal and regulatory issues
- ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
- Expert commentary discussing the risks mitigated by each policy
- Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
- Policy coverage maps for PCI-DSS, NIST, ISO 27002, FFIEC and HIPAA-HiTECH security
Expert information security policy development advice and tools
- A step-by-step checklist of security policy development tasks to quickly start a policy development project
- Helpful tips and tricks for getting management buy-in for information security policies and education
- Tips and techniques for raising security policy awareness
- Real-world examples of problems caused by missing or poor information security policies
- Essential policy compliance forms such as the Risk Acceptance Memo, Incident Reporting Form and Security Policy Compliance Agreement.
Comprehensive Information Security Policy Coverage
Information Security Policies Made Easy covers over 200 essential information security topics including:
- Access Control
- Acceptable Use
- Application Development
- Biometrics
- Computer emergency response teams
- Computer viruses
- Contingency planning
- Corporate Governance
- Data Classification and Labeling
- Data Destruction
- Digital signatures
- Economic Espionage
- Electronic commerce
- Electronic mail
- Employee surveillance
- Encryption
- Firewalls
- FAX communications
- Incident Response
- Identity Theft
- Information Ownership
- Information Security Related Terrorism
- Internet
- Local area networks
- Intranets
- Logging controls
- Microcomputers
- Mobile Devices
- Network Security
- Outsourcing security functions
- Password Management
- Personnel Screening and Security
- Portable computers (PDA, Laptops)
- Physical Security
- Privacy issues
- Security Roles and Responsibilities
- Social Engineering (including “phishing”)
- SPAM Prevention
- Telecommuting
- Telephone systems
- Third Party Access
- User security training
- Web Site Security
- Wireless Security
- Voice Over IP (VOIP)
- And many more!
Information Security Roles & Responsibilities Made Easy provides:
Over 70 pre-written, time-saving information security documents
- 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
- Over 40 information-security-related job descriptions.
- 12 separate information security organization structures with discussions of pros and cons of each.
- Specification and discussion of 29 critical information security documents that every organization should have.
- Standard practices that have been shown to be effective at over 125 organizations around the world.
Justification to help increase management’s awareness and funding of information security:
- How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
- Reducing the total cost of information security services by properly documented roles and responsibilities.
- Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
- Information security staffing data and analysis to help gain management support for additional resources.
- Common mistakes many organizations make and how to avoid them.
Specific advice on how to plan, document and execute an information security infrastructure project:
- Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
- How to schedule project resources and time lines for documenting roles and responsibilities.
- Detailed discussion of the Data Owner, Custodian and User roles.
- Actions you should take to reduce your organization’s exposure to workers in information security related positions of trust.
- The synergy between role based access control (RBAC) and clarification of information security roles and responsibilities.
How to Maintain Security Dealing with Third Parties:
- Pros and cons of outsourcing security functions, including validation and security when outsourcing.
- The security roles and responsibilities of software and hardware vendors.
- Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties
Valuable staffing advice for information security professionals:
- Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
- Specific performance criteria for individuals and teams.
- An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.
Information Security Policies Made Easy and Information Security Roles and Responsibilities Made Easy are available for electronic download. Each product contains a print-ready PDF, MS-Word templates and an organization-wide license to republish the materials. (No physical CD or book).
Information Security Policies Made Easy and Information Security Roles and Responsibilities Made Easy are also available separately.