E-book: Information Security Policies, Procedures, and Standards: A Practitioner's Reference [Taylor & Francis e-book]

(Lantego, LLC, Austin, Texas, USA)
  • Format: 240 pages
  • Publication date: 30-Sep-2020
  • Publisher: CRC Press
  • ISBN-13: 9781315372785
  • Taylor & Francis e-book
  • Price: 147,72 €*
  • * this price gives unlimited concurrent access for unlimited time
  • List price: 211,02 €
  • You save 30%
Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards.

The author explains how and why procedures are developed and implemented rather than simply providing information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely.

Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
Preface xi
Author xiii
Chapter 1 Introduction 1(16)
  1.1 No Short Cuts 4(2)
  1.2 Top-Down Security 6(5)
  1.3 Current State of Information Security Policy Sets 11(3)
  1.4 Effectiveness of Information Security Policy Sets 14(3)
  Exercises 16(1)
Chapter 2 Information Security Policy Basics 17(8)
  2.1 Information Security Policy Types 17(8)
    2.1.1 Information Security Policies 19(1)
    2.1.2 Information Security Standards 20(1)
    2.1.3 Information Security Guidelines 21(1)
    2.1.4 Information Security Baselines 21(1)
    2.1.5 Information Security Procedures 22(1)
  Exercises 23(2)
Chapter 3 Information Security Policy Framework 25(32)
  3.1 Information Security Policy Sets without Frameworks 25(2)
  3.2 Information Security Policy Sets with Frameworks 27(1)
  3.3 Common Information SPFs 28(22)
    3.3.1 FISMA Framework 29(2)
      3.3.1.1 Using the FISMA Framework as a Policy Framework 31(3)
      3.3.1.2 Benefits of the FISMA Security Controls Framework 34(1)
    3.3.2 ISO 27001:2013 Framework 35(5)
      3.3.2.1 Using the ISO 27001/2 Framework as a Policy Framework 40(6)
      3.3.2.2 Benefits of the ISO 27001/2 Security Controls Framework 46(1)
    3.3.3 COBIT Framework 46(2)
      3.3.3.1 Using the COBIT Framework as a Policy Framework 48(1)
      3.3.3.2 Benefits of the COBIT Security Controls Framework 48(2)
    3.3.4 HMG ISPF Framework 50(1)
      3.3.4.1 Using the HMG ISPF as a Policy Framework 50(1)
      3.3.4.2 Benefits of the HMG ISPF 50(1)
  3.4 Tailoring Information SPFs 50(4)
    3.4.1 Customer and Business Requirements 52(1)
    3.4.2 Importance of Completeness 53(1)
    3.4.3 Adding and Mapping Regulations 53(1)
  3.5 Deriving a Policy Set from a Framework 54(3)
  Exercises 56(1)
Chapter 4 Information Security Policy Details 57(24)
  4.1 Front Matter 58(4)
  4.2 Policy Statements 62(6)
    4.2.1 Back Matter 65(1)
    4.2.2 Policy Requirement Exceptions 65(3)
  4.3 Specific Information Security Policies 68(8)
    4.3.1 Organizational-Level Policies 69(2)
    4.3.2 Security Program-Level Policies 71(2)
    4.3.3 User Security Policies 73(2)
    4.3.4 System and Control Policies 75(1)
  4.4 Policy Document Examples 76(5)
  Exercises 79(2)
Chapter 5 Information Security Procedures and Standards 81(12)
  5.1 Less Formal Language and Structure 81(1)
  5.2 Various Purposes of the Standard and Guideline 81(9)
  5.3 Information Security Procedures 90(3)
  Exercises 92(1)
Chapter 6 Information Security Policy Projects 93(16)
  6.1 Scoping the Project 93(1)
  6.2 Information Security Policy Project Roles 94(2)
  6.3 Information Security Policy Project Phases 96(2)
  6.4 Information Security Policy Revision Project 98(3)
  6.5 Information Security Policy Project Application 101(8)
  Exercises 107(2)
Appendix A Example Policies (FISMA Framework) 109(100)
Appendix B Example Departmental Policy Tailoring Guide 209(22)
Index 231
Doug Landoll is an information security author, consultant, teacher, and business owner who always brings a unique mix of business strategy, technical know-how, and pragmatic approaches to current information security topics. When he is not performing risk assessments or writing policies, he is coming up with better approaches and methods and preparing for his next class or book. Mr. Landoll holds a CISSP, a computer science degree from James Madison University, and an MBA from the University of Texas, Austin. In 2013, Mr. Landoll was inducted as a Distinguished Fellow by the Information Systems Security Association (ISSA).