Infomation Security Policies: A Practitioner's Reference 2nd Edition

Description

Explains how to integrate information security policies, standards, and procedures towards the achievement of organizational goals
Explores how security policies support management initiatives
Details the methods of an asset classification policy
Covers the components of typical Tier 1 and Tier 2 policies, including employment practices, records management, Internet security, business continuity planning, information protection, and much more
Offers sample standards and information security manuals
Provides an Information Security Reference Guide which addresses infosec fundamentals, employee responsibilities, information handling and processing, security tools, program administration, and other elements needed to allow safe execution of business tasks

Information Security Policies and Procedures: A Practitioner's Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how security documents and standards are key elements in the business process that should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies.

The book emphasizes how information security must be integrated into all aspects of the business process. It examines the 12 enterprise-wide (Tier 1) policies, and maps information security requirements to each. The text also discusses the need for top-specific (Tier 2) policies and application-specific (Tier 3) policies and details how they map with standards and procedures.