Book description
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES! The study of information system security concepts and domains is an essential part of the education of computer science students and professionals alike. Security Policies and Implementation Issues offers a comprehensive, end-to-end view of information security policies and frameworks, from the raw organizational mechanics of building them to the psychology of implementation. It presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear, simple terms, such as governance, regulatory mandates, business drivers, legal considerations, and much more. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks.
Table of contents
- Copyright
- Preface
- Acknowledgments
- About the Author
- ONE. The Need for IT Security Policy Frameworks
- 1. Information Systems Security Policy Management
- What Is Information Systems Security?
- What Is Information Assurance?
- What Is Governance?
- Why Is Governance Important?
- What Are Information Systems Security Policies?
- Where Do Information Systems Security Policies Fit Within an Organization?
- Why Information Systems Security Policies Are Important
- When Do You Need Information Systems Security Policies?
- Why Enforcing and Winning Acceptance for Policies Is Challenging
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 1 ASSESSMENT
- 2. Business Drivers for Information Security Policies
- 3. U.S. Compliance Laws and Information Security Policy Requirements
- U.S. Compliance Laws
- Whom Do the Laws Protect?
- Which Laws Require Proper Security Controls Including Policies?
- Aligning Security Policies and Controls with Regulations
- Industry Leading Practices and Self-Regulation
- Some Important Industry Standards
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- ENDNOTES
- 4. Business Challenges Within the Seven Domains of IT Responsibility
- 5. Information Security Policy Implementation Issues
- Human Nature in the Workplace
- Organizational Structure
- The Challenge of User Apathy
- The Importance of Executive Management Support
- The Role of Human Resources
- Policy Roles, Responsibilities, and Accountability
- When Policy Fulfillment Is Not Part of Job Descriptions
- Impact on Entrepreneurial Productivity and Efficiency
- Tying Security Policy to Performance and Accountability
- Success Is Dependent Upon Proper Interpretation and Enforcement
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- ENDNOTE
- TWO. Types of Policies and Appropriate Frameworks
- 6. IT Security Policy Frameworks
- What Is an IT Policy Framework?
- What Is a Program Framework Policy or Charter?
- Business Considerations for the Framework
- Information Assurance Considerations
- Information Systems Security Considerations
- Best Practices for IT Security Policy Framework Creation
- Case Studies in Policy Framework Development
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- 7. How to Design, Organize, Implement, and Maintain IT Security Policies
- Policies and Standards Design Considerations
- Document Organization Considerations
- Considerations For Implementing Policies and Standards
- Policy Change Control Board
- Maintaining Your Policies and Standards Library
- Best Practices for Policies and Standards Maintenance
- Case Studies and Examples of Designing, Organizing, Implementing, and Maintaining IT Security Policies
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- 8. IT Security Policy Framework Approaches
- IT Security Policy Framework Approaches
- Roles, Responsibilities, and Accountability for Personnel
- Separation of Duties
- Governance and Compliance
- Best Practices for IT Security Policy Framework Approaches
- Case Studies and Examples of IT Security Policy Framework Approaches
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 8 ASSESSMENT
- ENDNOTE
- 9. User Domain Policies
- The Weakest Link in the Information Security Chain
- Six Types of Users
- Why Govern Users with Policies?
- Acceptable Use Policy (AUP)
- The Privileged-Level Access Agreement (PAA)
- Security Awareness Policy (SAP)
- Best Practices for User Domain Policies
- Case Studies and Examples of User Domain Policies
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- 10. IT Infrastructure Security Policies
- Anatomy of an Infrastructure Policy
- Workstation Domain Policies
- LAN Domain Policies
- LAN-to-WAN Domain Policies
- WAN Domain Policies
- Remote Access Domain Policies
- System/Application Domain Policies
- Telecommunications Policies
- Best Practices for IT Infrastructure Security Policies
- Case Studies and Examples of IT Infrastructure Security Policies
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 10 ASSESSMENT
- 11. Data Classification and Handling Policies and Risk Management Policies
- Data Classification Policies
- Data Handling Policies
- Identify Business Risks Related to Information Systems
- Business Impact Analysis (BIA) Policies
- Risk Assessment Policies
- Business Continuity Planning (BCP) Policies
- Disaster Recovery Plan (DRP) Policies
- Disaster Declaration Policy
- Assessment of the Severity of the Disaster and Potential Downtime
- Dealing with Natural Disasters, Man-Made Disasters, and Catastrophic Loss
- Disaster Recovery Procedures for Mission-Critical System, Application, or Data Functionality and Recovery
- RTO Policies Based on Disaster Scenario
- Best Practices for Risk Management Policies
- Case Studies and Examples of Risk Management Policies
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- 12. Incident Response Team (IRT) Policies
- Incident Response Policy
- Incident Classification
- The Response Team Charter
- Incident Response Team Members
- Responsibilities During an Incident
- Procedures for Incident Response
- Best Practices for Incident Response Policies
- Case Studies and Examples of Incident Response Policies
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- THREE. Implementing and Maintaining an IT Security Policy Framework
- 13. IT Security Policy Implementations
- Implementation Issues for IT Security Policies
- Security Awareness Policy Implementations
- Information Dissemination—How to Educate Employees
- Overcoming Technical Hindrances
- Overcoming Nontechnical Hindrances
- Best Practices for IT Security Policy Implementations
- Case Studies and Examples of Successful IT Security Policy Implementations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 13 ASSESSMENT
- ENDNOTE
- 14. IT Security Policy Enforcement
- Organizational Support for IT Security Policy Enforcement
- An Organization's Right to Monitor User Actions and Traffic
- Compliance Law: Requirement or Risk Management?
- What Is Law and What Is Policy?
- What Automated Security Controls Can Be Implemented Through Policy?
- Legal Implications of IT Security Policy Enforcement
- Who Is Ultimately Liable for Risk, Threats, and Vulnerabilities?
- Best Practices for IT Security Policy Enforcement
- Case Studies and Examples of Successful IT Security Policy Enforcement
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 14 ASSESSMENT
- 15. IT Policy Compliance Systems and Emerging Technologies
- Defining a Baseline Definition for Information Systems Security
- Tracking, Monitoring, and Reporting IT Security Baseline Definition and Policy Compliance
- Automating IT Security Policy Compliance
- Emerging Technologies and Solutions
- Best Practices for IT Security Policy Compliance Monitoring
- Case Studies and Examples of Successful IT Security Policy Compliance Monitoring
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- A. Answer Key
- B. Standard Acronyms
- Glossary of Key Terms
- References
Product information
- Title: Security Policies and Implementation Issues
- Author(s):
- Release date: October 2010
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9780763791339