E-book, English, 368 pages
Bacik Building an Effective Information Security Policy Architecture
Publication year 2008
ISBN: 978-1-4200-5906-9
Publisher: Taylor & Francis
Format: PDF
Copy protection: Adobe DRM
Information security teams are charged with developing and maintaining a set of documents that will protect the assets of an enterprise from constant threats and risks. In order for these safeguards and controls to be effective, they must suit the particular business needs of the enterprise. A guide for security professionals, Building an Effective Information Security Policy Architecture explains how to review, develop, and implement a security architecture for any size enterprise, whether it is a global company or an SMB. Through the use of questionnaires and interviews, the book demonstrates how to evaluate an organization’s culture and its ability to meet various security standards and requirements. Because the effectiveness of a policy is dependent on cooperation and compliance, the author also provides tips on how to communicate the policy and gain support for it. Suitable for any level of technical aptitude, this book serves as a guide for evaluating the business needs and risks of an enterprise and incorporating this information into an effective security policy architecture.
Target audience
Information security management and administrators, business continuity planners, systems administrators, network managers, and administrators.
Authors/Editors
Further information & material
Introduction
History of Policy Documents
Why Do We Really Need Policies?
What Follows
The Enterprise
Policy Architecture Design Process
Setting the Reporting Structure
Determining the Mission
Strategic Plans
Summary
What is a Policy Architecture?
Basic Document Definitions
Effective Policy Architecture
Scope of the Architecture
Top-Level Topics
Getting Ready to Start
Reviewing What Is in Place
Basic Assessment
Policy Writing Skills
A Framework or Set of Standards?
Manual of Style
Do I Need to Create a Committee?
Initial Approvals for Information Security
Writing the Documents
Policy
Guideline
Standard
Work Instruction
Memos
Forms
Cautions
Additional Key Policy Topics
Miscellaneous Items
Physical Security
Personnel Security
Privacy
Third Parties
Application Requirements
Putting It Together
Topics to Start With
Reviews
Project Approval
Document Approval
Support
Publishing
Updates—Effective Versioning
Acknowledgment of Understanding
Exceptions to the Information Security Policy Architecture Documentation
Crafting Communication for Maximum Effectiveness
Barriers to Effective Communication
Listening
Know Your Audience
What Is the Enterprise Standard Method of Communication?
Attention Spans
Constructive Feedback (AKA Do Not Take It Personally)
Security Monitoring and Metrics
Monitoring for Enforcement
Baselines
Routine Metrics
Reporting
Continuing to Mold Your Style through Experience
Building for Longevity
Basic Leadership
Find a Mentor
Find Opportunities to Expand Experience
Appendices
Index




