Information Security Policies Made Easy, Version 12 is now available!
The latest release of the “Gold Standard” security policy library, Information Security Policies Made Easy, version 12, by Charles Cresson Wood, is now available! This update includes over 100 new security policies covering the latest topics including social networking, supply chain, mobile security, identity theft and many more! ISPME V12 includes a library of over 1,500 sample security policies and a complete set of 38 essential sample policy documents.
Information Security Policies Made Easy, Version 12 is available on CD-ROM or as an electronic download.
Each CD contains a print-ready PDF, MS-Word templates and an organization-wide license to republish the materials.
BE SURE TO SPECIFY CD OR DOWNLOAD WHEN ORDERING
$795.00, CD or Download version.
Information Security Policy: The Definitive Library
Information Security Policies Made Easy is the leading library of information security policies, used by over 9,000 organizations. ISPME has everything you need to save money while building a due-care security policy environment, including:
1. Complete information security policy statement library
- 1500 individual pre-written security policies covering the latest technical, legal and regulatory issues
- ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
- Expert commentary discussing the risks mitigated by each policy
- Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
- Policy coverage maps for Sarbanes-Oxley (COBIT), PCI-DSS, FISMA and HIPAA-HiTECH security
2. Thirty-eight (38) essential sample security policy documents:
- MS-Word format ready to use as-is or with easy customization
- Acceptable use policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy
- Organization-wide policies such as: High-Level Security Policy, Privacy Policy, Information Ownership Policy
- Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy
» See the complete list of ISPME sample security policy documents.
3. Expert information security policy development advice and tools
- A step-by-step checklist of security policy development tasks to quickly start a policy development project
- Helpful tips and tricks for getting management buy-in for information security policies and education
- Tips and techniques for raising security policy awareness
- Real-world examples of problems caused by missing or poor information security policies
- Information security policy development resources such as Information Security Periodicals, professional associations and related security organizations
- Essential forms such as Risk Acceptance Memo, Incident Reporting Form and Agreement to Abide by Policies
4. Easy-to-Use Digital Files
- Policies available in both PDF and MS-Word format, with an indexed and searchable PDF interface
- Easy cut-and-paste into existing corporate documents
- Extensive cross-references between policies that help the user quickly understand alternative solutions and complementary controls
5. Comprehensive Security Policy Coverage
Information Security Policies Made Easy covers over 200 essential information security topics including:
- Access Control
- Acceptable Use
- Application Development
- Biometrics
- Computer emergency response teams
- Computer viruses
- Contingency planning
- Corporate Governance
- Data Classification and Labeling
- Data Destruction
- Digital signatures
- Economic Espionage
- Electronic commerce
- Electronic mail
- Employee surveillance
- Encryption
- Firewalls
- FAX communications
- Incident Response
- Identity Theft
- Information Ownership
- Information Security Related Terrorism
- Internet
- Local area networks
- Intranets
- Logging controls
- Microcomputers
- Mobile Devices
- Network Security
- Outsourcing security functions
- Password Management
- Personnel Screening and Security
- Portable computers (PDA, Laptops)
- Physical Security
- Privacy issues
- Security Roles and Responsibilities
- Social Engineering (including “phishing”)
- SPAM Prevention
- Telecommuting
- Telephone systems
- Third Party Access
- User security training
- Web Site Security
- Wireless Security
- Voice Over IP (VOIP)
- And many more!
ISPME Table of Contents
Chapter 1: Introduction to Security Policies
Chapter 2: Policy Development Instructions
Instruction
Information Security Policies
Importance Of Policies
Considerations In The Policy Development Process
Policy Development Time Line
Policy Document Length
Policy Usage
Policy Objectives And Scope
Disclaimers
Chapter 3: Using This Guide
Chapter 4: Specific Information Security Policies
Contains over 1500 policy statements with expert commentary on the following topics.
5 SECURITY POLICY
5.1 INFORMATION SECURITY POLICY
6 ORGANIZATION OF INFORMATION SECURITY
6.1 INTERNAL ORGANIZATION
6.2 EXTERNAL PARTIES
7 ASSET MANAGEMENT
7.1 RESPONSIBILITY FOR ASSETS
7.2 INFORMATION CLASSIFICATION
8 HUMAN RESOURCES SECURITY
8.1 PRIOR TO EMPLOYMENT
8.2 DURING EMPLOYMENT
8.3 TERMINATION OR CHANGE OF EMPLOYMENT
9 PHYSICAL AND ENVIRONMENTAL SECURITY
9.1 SECURE AREAS
9.2 EQUIPMENT SECURITY
10 COMMUNICATIONS AND OPERATIONS MANAGEMENT
10.1 OPERATIONAL PROCEDURES AND RESPONSIBILITIES
10.2 THIRD PARTY SERVICE DELIVERY MANAGEMENT
10.3 SYSTEM PLANNING AND ACCEPTANCE
10.4 PROTECTION AGAINST MALICIOUS AND MOBILE CODE
10.5 BACK-UP
10.6 NETWORK SECURITY MANAGEMENT
10.7 MEDIA HANDLING
10.8 EXCHANGE OF INFORMATION
10.9 ELECTRONIC COMMERCE SERVICES
10.10 MONITORING
11 ACCESS CONTROL
11.1 BUSINESS REQUIREMENT FOR ACCESS CONTROL
11.2 USER ACCESS MANAGEMENT
11.3 USER RESPONSIBILITIES
11.4 NETWORK ACCESS CONTROL
11.5 OPERATING SYSTEM ACCESS CONTROL
11.6 APPLICATION AND INFORMATION ACCESS CONTROL
11.7 MOBILE COMPUTING AND TELEWORKING
12 INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE
12.1 SECURITY REQUIREMENTS OF INFORMATION SYSTEMS
12.3 CRYPTOGRAPHIC CONTROLS
12.4 SECURITY OF SYSTEM FILES
12.5 SECURITY IN DEVELOPMENT AND SUPPORT PROCESSES
12.6 TECHNICAL VULNERABILITY MANAGEMENT
13 INFORMATION SECURITY INCIDENT MANAGEMENT
13.1 REPORTING INFORMATION SECURITY EVENTS AND WEAKNESSES
13.2 MANAGEMENT OF INFORMATION SECURITY INCIDENTS AND IMPROVEMENTS
14 BUSINESS CONTINUITY MANAGEMENT
14.1 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
15 COMPLIANCE
15.1 COMPLIANCE WITH LEGAL REQUIREMENTS
15.2 COMPLIANCE WITH SECURITY POLICIES AND STANDARDS, AND TECHNICAL COMPLIANCE
Appendix A: List Of Information Security Policy References
Appendix B: List Of Information Security Periodicals
Appendix C: List Of Professional Associations And Related Organizations
Appendix D: List Of Suggested Awareness-Raising Methods
In Person
In Writing
On Systems
On Other Things
Appendix E: External Network Interface Security Policy Harmonization
Access Control Considerations
Encryption And Public Key Infrastructure Considerations
Change Control And Contingency Planning Considerations
Network Management Considerations
Appendix F: Checklist Of Steps In Policy Development Process
Appendix G: Overview Of Policy Development Process Tasks
Appendix H: Real World Problem Cases Caused By Missing Policies
Government Agency
Law Firms
Oil Company
Local Newspaper
Midwest Manufacturing Company
West Coast Manufacturing Company
Major Online Service Company
Appendix I: Suggested Next Steps
Appendix J: Regulatory Requirements for Information Security Policies
Using This Guide for Regulatory Requirements
Using this guide for PCI-DSS
Using this guide for HIPAA/HiTECH Security Requirements
Using this guide for Sarbanes-Oxley Requirements
Using this guide for NIST (FISMA) Security Requirements
Appendix K: Sample Policy-Related Documents
Agreement To Comply With Information Security Policies
Management Risk Acceptance Memo
Two-Page Simple Non-Disclosure Agreement
Sample Data Classification Quick Reference Table
Sample Employment Termination Checklist
Sample Security Incident Reporting Form
Appendix L: Sample Information Security Policy Documents
Sample Acceptable Use of Assets Policy (Internal Systems)
Sample Access Control Security Policy
Sample Account and Privilege Management Policy
Sample Asset Management Policy
Sample Backup and Recovery Policy
Sample Business Continuity Policy
Sample Detailed Information Security Policy
Sample Electronic Mail Security Policy
Sample External Network Connection Security Policy
Sample External Party Information Disclosure Policy
Sample Firewall Management Policy
Sample High-Level Information Security Policy
Sample Information Classification Policy
Sample Incident Reporting and Response Policy
Sample Information Disposal Policy
Sample Information Exchange Policy
Sample Information Ownership Policy
Sample Information Security Program Policy
Sample Internet Acceptable Use Policy
Sample Intranet Security Policy
Sample IT Risk Management Security Policy
Sample Log Management and Monitoring Policy
Sample Network Security Management Policy
Sample Malicious Software Policy
Sample Mobile Computer Security Policy
Sample Password Management Policy
Sample Personal Computer Security Policy
Sample Personnel Security Management Policy
Sample Physical Security Policy
Sample Privacy Policy – Stringent
Sample Privacy Policy – Lenient
Sample Remote Access Management Policy
Sample Social Networking Acceptable Use Policy
Sample Telecommuting Security Policy
Sample Third Party Security Management Policy
Sample Web Site Security Policy
Sample Wireless Network Security Policy
Appendix M: Index Of New Policies In Version 11
About the Author


