Information Security Policies Made Easy, Version 10

Information Security Policies Made Easy, Version 10 is the new and updated version of the best-selling policy resource by Charles Cresson Wood, CISSP, CISA, CISM. Based on the 20 year consulting and security experience of Mr. Wood, ISPME is the most complete policy resource available. ISPME Version 10 has everything you need to build a due-care security policy environment, including: 1. A complete policy library with over 1350 individual pre-written security policies including: Coverage of the latest technical, legal and regulatory issues. ISO 17799 outline format, allowing for easy gap-analysis against existing standards and security frameworks. Expert commentary discussing the risks mitigated by each policy. Target audience (management, technical, or user) and security environment (low, medium, high) for each policy. Policy coverage maps for Sarbanes-Oxley (COBIT) and HIPAA security 2. Eighteen complete pre-written security policy documents that every company should have, updated and ready to use as is or with easy customization, including: User-targeted policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy. Organization-wide policies such as: High-Level Security Policy, Privacy policy, Information Ownership Policy. Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy. Sample risk acceptance memo for the approval of out of compliance situations, a sample non-disclosure agreement, and a user policy acceptance agreement. 3. Expert advice on the policy development and review process, including: A step-by-step checklist of policy development tasks to quickly start a policy development project. Helpful tips and tricks for getting management buy-in for information security policies and education. Tips and techniques for raising security policy awareness. Real-world examples of problems caused by missing or poor security policies. Policy development resources such as Information Security Periodicals, professional associations and related security organizations. 4. All content available on an easy-to-use CD-ROM with an indexed and searchable HTML interface for easy location, featuring: Policies available in HTML, PDF, MS-Word format. Easy cut-and-paste into existing corporate documents. Extensive cross-references between policies that help the user quickly understand alternative solutions and complimentary controls. ISPME V10 policies cover these important security topics: Access Control, Data Classification and Control, Risk Assessments, Password and user ID management, Logging Controls, Encryption and Digital Signatures, Instant messaging, PDAs and smart,phones, Personnel Security including Security Awareness and Training, Data Privacy Management for employees and customers, Corporate governance, including Sarbanes-Oxley, Electronic mail, viruses, malicious code protection, and social engineering attacks, including phishing scams, Preventing and responding to identity theft, Network security including wireless and Voice Over Internet Protocol (VOIP), Security, configuration, and management firewalls, Communication Security including telephones and FAX machines, Web site and e-commerce security, Security in 3rd party contracts, including outsourcing and off-shoring of IT projects, Document destruction, as well as retention of documents that may be used in court cases, Incident Response and Contingency planning, Telecommuting and mobile computing, Honeypots and intrusion detection systems, Effective software patch management including Open Source software, And many others! Information Security Policies Made Easy, Version 10.0 policies are organized around the ISO/IEC 17799 Security Standard. An excellent resource purchase a copy and register your product to receive additional updates from Information Shield.