Building an Effective Information Security Policy Architecture / Edition 1

by Sandy Bacik
ISBN-10: 0367387301
ISBN-13: 9780367387303
Pub. Date: 09/19/2019
Publisher: Taylor & Francis

Overview

Information security teams are charged with developing and maintaining a set of documents that will protect the assets of an enterprise from constant threats and risks. In order for these safeguards and controls to be effective, they must suit the particular business needs of the enterprise.

A guide for security professionals, Building an Effective Information Security Policy Architecture explains how to review, develop, and implement a security architecture for any size enterprise, whether it is a global company or an SMB. Through the use of questionnaires and interviews, the book demonstrates how to evaluate an organization's culture and its ability to meet various security standards and requirements. Because the effectiveness of a policy depends on cooperation and compliance, the author also provides tips on how to communicate the policy and gain support for it.

Suitable for any level of technical aptitude, this book serves as a guide for evaluating the business needs and risks of an enterprise and incorporating this information into an effective security policy architecture.


Product Details

ISBN-13: 9780367387303
Publisher: Taylor & Francis
Publication date: 09/19/2019
Pages: 368
Product dimensions: 6.12(w) x 9.19(h) x (d)

Table of Contents

Dedication and Thanks v

Preface xi

The Author xiii

1 Introduction 1

1.1 History of Policy Documents 3

1.2 Why Do We Really Need Policies? 4

1.3 What Follows 7

2 The Enterprise 11

2.1 Policy Architecture Design Process 11

2.2 Setting the Reporting Structure 12

2.3 Determining the Mission 15

2.4 Strategic Plans 18

2.5 Summary 20

3 What Is a Policy Architecture? 21

3.1 Basic Document Definitions 24

3.2 Effective Policy Architecture 25

3.3 Scope of the Architecture 26

3.4 Top-Level Topics 28

4 Getting Ready to Start 31

4.1 Reviewing What Is in Place 31

4.2 Basic Assessment 33

4.3 Policy Writing Skills 37

4.4 A Framework or Set of Standards? 39

4.5 Manuals of Style 41

4.6 Do I Need to Create a Committee? 43

4.7 Initial Approvals for Information Security 46

5 Writing the Documents 47

5.1 Policy 47

5.2 Guideline 50

5.3 Standard 52

5.3.1 General Standard 52

5.3.2 Technical Standard 54

5.4 Work Instruction 54

5.4.1 User Work Instruction 54

5.4.2 IT Work Instruction 57

5.5 Memos 57

5.6 Forms 57

5.7 Cautions 58

6 Additional Key Policy Topics 59

6.1 Miscellaneous Items 59

6.2 Physical Security 60

6.3 Personnel Security 63

6.3.1 Badging 63

6.3.2 Staff 63

6.3.3 Authorized Non-Employees 65

6.3.4 Visitors 65

6.4 Privacy 66

6.5 Third Parties 67

6.6 Application Requirements 69

7 Putting It Together 97

7.1 Topics to Start With 97

7.2 Reviews 98

7.3 Project Approval 101

7.4 Document Approval 104

7.5 Support 107

7.6 Publishing 113

7.7 Updates-Effective Versioning 116

7.8 Acknowledgment of Understanding 117

7.9 Exceptions to the Information Security Policy Architecture Documentation 118

8 Crafting Communication for Maximum Effectiveness 121

8.1 Barriers to Effective Communication 122

8.2 Listening 123

8.3 Know Your Audience 124

8.4 What Is the Enterprise Standard Method of Communication? 125

8.4.1 Lunch and Learns 128

8.4.2 Written 128

8.4.3 Employee Handbook 130

8.4.4 Intranet 130

8.4.5 Informal Training 131

8.4.6 Death by PowerPoint 131

8.4.7 No Such Thing As a Stupid Question 132

8.5 Attention Spans 133

8.6 Constructive Feedback (AKA Do Not Take It Personally) 134

9 Security Monitoring and Metrics 137

9.1 Monitoring for Enforcement 138

9.2 Baselines 140

9.3 Routine Metrics 142

9.4 Reporting 147

10 Continuing to Mold Your Style Through Experience 149

10.1 Building for Longevity 149

10.2 Basic Leadership 150

10.3 Find a Mentor 153

10.4 Find Opportunities to Expand Experience 154

10.5 Summary 155

Appendices 157

Index 341
