Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 (Hardcover)

Barry L. Williams

  • Publisher: Auerbach Publication
  • Publication date: 2013-03-22
  • List price: $2,980
  • Member price: 5% off, $2,831
  • Language: English
  • Pages: 152
  • Binding: Hardcover
  • ISBN: 1466580585
  • ISBN-13: 9781466580589
  • Category: Information Security
  • Ships immediately (stock = 1)


Product description

Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control.

Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:

  • Entity-level policies and procedures
  • Access-control policies and procedures
  • Change control and change management
  • System information integrity and monitoring
  • System services acquisition and protection
  • Informational asset management
  • Continuity of operations

The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization.

A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.

Product description (translated from the Chinese version)

Although compliance standards can serve as useful guides for writing comprehensive security policies, many standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to meet the major regulatory requirements without having to look up every control manually.

The book explains how to write policy statements that satisfy multiple compliance standards and regulatory requirements, and helps readers elicit management opinions and document the formal and informal procedures currently in use. Topics covered include:

- Entity-level policies and procedures
- Access-control policies and procedures
- Change control and change management
- System information integrity and monitoring
- System services acquisition and protection
- Information asset management
- Business continuity

The book provides the tools to use the full range of compliance standards as guides for writing policies that meet your organization's security needs. It details a methodology that facilitates the elicitation process and poses targeted questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities present in your organization.

For policy writers who must meet multiple compliance standards, this guide is a valuable resource, and it is also available as an eBook. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.