Book description
Everything you need to know about information security programs and policies, in one book
Clearly explains all facets of InfoSec program and policy planning, development, deployment, and management
Thoroughly updated for today’s challenges, laws, regulations, and best practices
The perfect resource for anyone pursuing an information security management career
In today’s dangerous world, failures in information security can be catastrophic. Organizations must protect themselves. Protection begins with comprehensive, realistic policies. This up-to-date guide will help you create, deploy, and manage them.
Complete and easy to understand, it explains key concepts and techniques through real-life examples. You’ll master modern information security regulations and frameworks, and learn specific best-practice policies for key industry sectors, including finance, healthcare, online commerce, and small business.
If you understand basic information security, you’re ready to succeed with this book. You’ll find projects, questions, exercises, examples, links to valuable easy-to-adapt information security policies...everything you need to implement a successful information security program.
Sari Stern Greene, CISSP, CRISC, CISM, NSA/IAM, is an information security practitioner, author, and entrepreneur. She is passionate about the importance of protecting information and critical infrastructure. Sari founded Sage Data Security in 2002 and has amassed thousands of hours in the field working with a spectrum of technical, operational, and management personnel, as well as boards of directors, regulators, and service providers. Her first text was Tools and Techniques for Securing Microsoft Networks, commissioned by Microsoft to train its partner channel; it was soon followed by the first edition of Security Policies and Procedures: Principles and Practices. She is actively involved in the security community and speaks regularly at security conferences and workshops. She has been quoted in The New York Times and the Wall Street Journal and on CNN and CNBC. Since 2010, Sari has served as the chair of the annual Cybercrime Symposium.
Learn how to
· Establish program objectives, elements, domains, and governance
· Understand policies, standards, procedures, guidelines, and plans—and the differences among them
· Write policies in “plain language,” with the right level of detail
· Apply the Confidentiality, Integrity & Availability (CIA) security model
· Use NIST resources and ISO/IEC 27000-series standards
· Align security with business strategy
· Define, inventory, and classify your information and systems
· Systematically identify, prioritize, and manage InfoSec risks
· Reduce “people-related” risks with role-based Security Education, Awareness, and Training (SETA)
· Implement effective physical, environmental, communications, and operational security
· Effectively manage access control
· Secure the entire system development lifecycle
· Respond to incidents and ensure continuity of operations
· Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
Table of contents
- About This eBook
- Title Page
- Copyright Page
- Contents at a Glance
- Table of Contents
- About the Author
- Dedication
- Acknowledgments
- We Want to Hear from You!
- Reader Services
- Chapter 1. Understanding Policy
- Chapter 2. Policy Elements and Style
- Chapter 3. Information Security Framework
- Chapter 4. Governance and Risk Management
- Chapter 5. Asset Management
- Chapter 6. Human Resources Security
- Chapter 7. Physical and Environmental Security
- Chapter 8. Communications and Operations Security
- Chapter 9. Access Control Management
- Chapter 10. Information Systems Acquisition, Development, and Maintenance
- Chapter 11. Information Security Incident Management
- Chapter 12. Business Continuity Management
- Chapter 13. Regulatory Compliance for Financial Institutions
- Chapter 14. Regulatory Compliance for the Healthcare Sector
- Chapter 15. PCI Compliance for Merchants
- Appendix A. Information Security Program Resources
- National Institute of Standards and Technology (NIST) Special Publications
- Federal Financial Institutions Examination Council (FFIEC) IT Handbooks
- Department of Health and Human Services HIPAA Security Series
- Payment Security Standards Council Documents Library
- Information Security Professional Development and Certification Organizations
- Appendix B. Sample Information Security Policy
- Introduction
- Section 1: Governance and Risk Management
- Section 2: Asset Management
- Section 3: Human Resources Security
- Section 4: Physical and Environmental Security
- Section 5: Communications and Operations Security
- Section 6: Access Control Management
- Section 7: Information Systems Acquisition, Development, and Maintenance
- Section 8: Incident Management
- Section 9: Business Continuity
- Appendix C. Information Systems Acceptable Use Agreement and Policy
- Index
Product information
- Title: Security Program and Policies: Principles and Practices, Second Edition
- Author(s): Sari Stern Greene
- Release date: March 2014
- Publisher(s): Pearson IT Certification
- ISBN: 9780133481181