Information Security Policies, Procedures, and Standards

Book description

This book supplies a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards. Readers will develop the understanding needed to write effective policies and procedures clearly and concisely.

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. PREFACE
  8. AUTHOR
  9. CHAPTER 1 INTRODUCTION
    1. 1.1 No Short Cuts
    2. 1.2 Top-Down Security
    3. 1.3 Current State of Information Security Policy Sets
    4. 1.4 Effectiveness of Information Security Policy Sets
    5. Exercises
  10. CHAPTER 2 INFORMATION SECURITY POLICY BASICS
    1. 2.1 Information Security Policy Types
      1. 2.1.1 Information Security Policies
      2. 2.1.2 Information Security Standards
      3. 2.1.3 Information Security Guidelines
      4. 2.1.4 Information Security Baselines
      5. 2.1.5 Information Security Procedures
    2. Exercises
  11. CHAPTER 3 INFORMATION SECURITY POLICY FRAMEWORK
    1. 3.1 Information Security Policy Sets without Frameworks
    2. 3.2 Information Security Policy Sets with Frameworks
    3. 3.3 Common Information SPFs
      1. 3.3.1 FISMA Framework
        1. 3.3.1.1 Using the FISMA Framework as a Policy Framework
        2. 3.3.1.2 Benefits of the FISMA Security Controls Framework
      2. 3.3.2 ISO 27001:2013 Framework
        1. 3.3.2.1 Using the ISO 27001/2 Framework as a Policy Framework
        2. 3.3.2.2 Benefits of the ISO 27001/2 Security Controls Framework
      3. 3.3.3 COBIT Framework
        1. 3.3.3.1 Using the COBIT Framework as a Policy Framework
        2. 3.3.3.2 Benefits of the COBIT Security Controls Framework
      4. 3.3.4 HMG ISPF Framework
        1. 3.3.4.1 Using the HMG ISPF as a Policy Framework
        2. 3.3.4.2 Benefits of the HMG ISPF
    4. 3.4 Tailoring Information SPFs
      1. 3.4.1 Customer and Business Requirements
      2. 3.4.2 Importance of Completeness
      3. 3.4.3 Adding and Mapping Regulations
    5. 3.5 Deriving a Policy Set from a Framework
    6. Exercises
  12. CHAPTER 4 INFORMATION SECURITY POLICY DETAILS
    1. 4.1 Front Matter
    2. 4.2 Policy Statements
      1. 4.2.1 Back Matter
      2. 4.2.2 Policy Requirement Exceptions
    3. 4.3 Specific Information Security Policies
      1. 4.3.1 Organizational-Level Policies
      2. 4.3.2 Security Program-Level Policies
      3. 4.3.3 User Security Policies
      4. 4.3.4 System and Control Policies
    4. 4.4 Policy Document Examples
    5. Exercises
  13. CHAPTER 5 INFORMATION SECURITY PROCEDURES AND STANDARDS
    1. 5.1 Less Formal Language and Structure
    2. 5.2 Various Purposes of the Standard and Guideline
    3. 5.3 Information Security Procedures
    4. Exercises
  14. CHAPTER 6 INFORMATION SECURITY POLICY PROJECTS
    1. 6.1 Scoping the Project
    2. 6.2 Information Security Policy Project Roles
    3. 6.3 Information Security Policy Project Phases
    4. 6.4 Information Security Policy Revision Project
    5. 6.5 Information Security Policy Project Application
    6. Exercises
  15. APPENDIX A: EXAMPLE POLICIES (FISMA FRAMEWORK)
  16. APPENDIX B: EXAMPLE DEPARTMENTAL POLICY TAILORING GUIDE
  17. INDEX

Product information

  • Title: Information Security Policies, Procedures, and Standards
  • Author(s): Douglas J. Landoll
  • Release date: March 2017
  • Publisher(s): Auerbach Publications
  • ISBN: 9781482245912