Building an Effective Information Security Policy Architecture


Purchasing Options

Hardback
$83.95
ISBN 9781420059052
Cat# AU5905

Features

  • Explains how to review an existing policy architecture
  • Provides a manual of style with sample document formatting
  • Demonstrates how to perform a risk analysis
  • Describes how to effectively communicate the policy architecture to the organization
Summary

Information security teams are charged with developing and maintaining the set of documents that protect an enterprise's assets against a constant stream of threats and risks. For the safeguards and controls those documents describe to be effective, they must fit the particular business needs of the enterprise rather than a generic template.

A guide for security professionals, Building an Effective Information Security Policy Architecture explains how to review, develop, and implement a security policy architecture for an enterprise of any size, whether a global company or an SMB. Through questionnaires and interviews, the book demonstrates how to evaluate an organization's culture and its ability to meet various security standards and requirements. Because the effectiveness of a policy depends on cooperation and compliance, the author also provides tips on how to communicate the policy and gain support for it.

Suitable for any level of technical aptitude, this book serves as a guide for evaluating the business needs and risks of an enterprise and incorporating that information into an effective security policy architecture.

Table of Contents

Introduction
History of Policy Documents
Why Do We Really Need Policies?
What Follows
The Enterprise
Policy Architecture Design Process
Setting the Reporting Structure
Determining the Mission
Strategic Plans
Summary
What Is a Policy Architecture?
Basic Document Definitions
Effective Policy Architecture
Scope of the Architecture
Top-Level Topics
Getting Ready to Start
Reviewing What Is in Place
Basic Assessment
Policy Writing Skills
A Framework or Set of Standards?
Manual of Style
Do I Need to Create a Committee?
Initial Approvals for Information Security
Writing the Documents
Policy
Guideline
Standard
Work Instruction
Memos
Forms
Cautions
Additional Key Policy Topics
Miscellaneous Items
Physical Security
Personnel Security
Privacy
Third Parties
Application Requirements
Putting It Together
Topics to Start With
Reviews
Project Approval
Document Approval
Support
Publishing
Updates: Effective Versioning
Acknowledgment of Understanding
Exceptions to the Information Security Policy Architecture Documentation
Crafting Communication for Maximum Effectiveness
Barriers to Effective Communication
Listening
Know Your Audience
What Is the Enterprise Standard Method of Communication?
Attention Spans
Constructive Feedback (AKA Do Not Take It Personally)
Security Monitoring and Metrics
Monitoring for Enforcement
Baselines
Routine Metrics
Reporting
Continuing to Mold Your Style through Experience
Building for Longevity
Basic Leadership
Find a Mentor
Find Opportunities to Expand Experience
Appendices
Index