

Paperback: 240 pages
Publisher: New Riders Publishing; 1st edition (November 12, 2001)
Language: English
ISBN-10: 157870264X
ISBN-13: 978-1578702640
Product Dimensions: 7 x 0.7 x 9 inches
Shipping Weight: 11.4 ounces
Average Customer Review: 4.5 out of 5 stars (10 customer reviews)
Best Sellers Rank: #198,856 in Books
#48 in Books > Computers & Technology > Certification > CompTIA
#125 in Books > Computers & Technology > Security & Encryption > Privacy & Online Safety
#177 in Books > Computers & Technology > Operating Systems > Windows > Windows Desktop

Security policies are not security, and will not provide any protection. However, as the well-known formulation has it: security is a process. An organization does not "have" security; rather, they participate in the process of security. Barnum explains that security policies are a component of the planning aspect of the security process, and as such can provide three advantages. The first is to ensure security interoperability across an organization. The second advantage is the visibility given to the policy by management's participation in it, which provides a greater impetus for implementation. The third is to mitigate liability, presumably by the legal value of the policy, and the advantages to security that a policy-driven approach proves. Another reason mentioned is that for some organizations, policy documentation is needed for ISO 900x compliance. Unstated is the assumption that a security policy might result in greater security. After all, even with all the other purported advantages, a security policy is presumptively about making security better.

At 216 pages, "Writing Information Security Policies" seems just the right size to touch all the bases, but not enough for a home run in the subject area. Good worklike effort, but the diversity of subject matter, and a lack of focus and internal theoretical structure rob the work of providing insightful organizational direction, though it still pays dividends, and is ultimately very worth reading.

The book is divided into three sections. The first is titled "Starting the policy process," and includes such issues as policy needs and roles and responsibilities in the policy process. The second section is writing the security policies in the topical areas.

What makes this book an important addition to the IT security body of knowledge is that it makes a case for, and shows how to, create and implement IT security policies in small-to-medium enterprises.

The book itself is a short, somewhat superficial, treatment of IT security policies. It has strengths and weaknesses:

STRENGTHS: It makes a compelling business case for having IT security policies, then leads you through the creation of the more common ones. This material is augmented by the book's accompanying web site that provides all of the sample policies in Appendix C in HTML format (most modern word processing programs, such as MS Word, can convert this to their native format without losing any of the embedded styles). Note that the URL given in the book has changed, but it is still active and automatically redirects you to the new URL.

In addition, the book touches on important topics that you may not think of if you're attempting to develop policies on your own. For example, intellectual property rights, law enforcement issues and forensics. These are touched upon, but will raise your awareness of their importance.

WEAKNESSES: The actual development and maintenance of policies is almost an afterthought. Moreover, I thought that a structured approach to threat and vulnerability assessments should have been covered (to be fair, the author discusses major threats on practically every page). I also felt that the policies should have been linked to processes, which is the hallmark of a well-written policy, and the importance of clearly defining roles and responsibilities should have been highlighted. I recommend that readers also get a copy of Steve Page's "Achieving 100% Compliance of Policies and Procedures" (ISBN 1929065493) to supplement this book.