Information Security Policy Development for Compliance

Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0

Published:
Content:
Author(s):
Free Standard Shipping

Purchasing Options

Hardback
$59.95 $47.96
ISBN 9781466580589
Cat# K18842
Add to cart
SAVE 20%
eBook (VitalSource)
$59.95 $41.97
ISBN 9781466580596
Cat# KE22715
Add to cart
SAVE 30%
eBook Rentals
Other eBook Options:
 
 

Features

    • Provides a way to address the regulatory requirements of an organization by writing comprehensive policy statements
    • Supplies a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control
    • Guides policy writers who must meet multiple compliance standards or regulations

     

    Summary

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control.

    Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:

    • Entity-level policies and procedures
    • Access-control policies and procedures
    • Change control and change management
    • System information integrity and monitoring
    • System services acquisition and protection
    • Informational asset management
    • Continuity of operations

    The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization.

    A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.

    Table of Contents

    Entity-Level Policies and Procedures
    Access-Control Policies and Procedures
    Change Control and Change Management
    System Information Integrity and Monitoring
    System Services Acquisition and Protection
    Informational Asset Management
    Continuity of Operations

    Appendices:
    ISO / IEC 27001 (Annex A) Controls(c) ISO
    NIST S P 800-53 Controls
    HIPAA Security Rule
    PCI DSS V 2.0 Controls
    Agreed-Upon Procedures (AU Ps) V 5.0

     
    Textbooks
    Other CRC Press Sites
    Featured Authors
    STAY CONNECTED
    Facebook Page for CRC Press Twitter Page for CRC Press You Tube Channel for CRC Press LinkedIn Page for CRC Press Google Plus Page for CRC Press Pinterest Page for CRC Press
    Sign Up for Email Alerts
    © 2014 Taylor & Francis Group, LLC. All Rights Reserved. Privacy Policy | Cookie Use | Shipping Policy | Contact Us