Writing Information Security Policies
貴賓價: $963IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job (Paperback)
貴賓價: $1,537802.11 Wireless Networks: The Definitive Guide
Administrators, more technically savvy than their managers, have started to
secure the networks in a way they see as appropriate. When management catches up
to the notion that security is important, system administrators have already
altered the goals and business practices. Although they may be grateful to these
people for keeping the network secure, their efforts do not account for all
assets and business requirementsFinally, someone decides it is time to write a
security policy. Management is told of the necessity of the policy document, and
they support its development. A manager or administrator is assigned to the task
and told to come up with something, and fast!Once security policies are written,
they must be treated as living documents. As technology and business
requirements change, the policy must be updated to reflect the new
environment--at least one review per year. Additionally, policies must include
provisions for security awareness and enforcement while not impeding corporate
goals. This book serves as a guide to writing and maintaining these
all-important security policies.
Table of Contents
I. STARTING THE POLICY PROCESS.
2. Determining Your Policy Needs.
3. Information Security Responsibilities.
II. WRITING THE SECURITY POLICIES.
5. Authentication and Network Security.
6. Internet Security Policies.
7. Email Security Policies.
8. Viruses, Worms, and Trojan Horses.
10. Software Development Policies.
III. MAINTAINONG THE POLICIES.
12. Compliance and Enforcement.
13. The Policy Review Process.
Appendix B. Resources.
Appendix C. Sample Policies.