Information Security Policies Made Easy is the “gold standard” information security policy template library, with over 1500 pre-written information security policies covering over 200 security topics. Based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA, it is the most widely used policy library in the world, with over 10,000 customers in 60 countries. Take the work out of creating, writing, and implementing security policies.
Information Security Policies Made Easy has everything you need to build a robust security policy program.
Thirty-eight (38) essential sample security policy documents:
- Complete coverage of essential security topics including: Access Control Policy, Network Security Policy, Personnel Security, Information Classification, Physical Security, Acceptable Use of Assets, and many more.
- All samples policies in our MS-Word Best Practices Policy Template. Customized in minutes!
Complete information security policy statement library
- 1500 individual pre-written security policies covering of the latest technical, legal and regulatory issues
- ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
- Expert commentary discussing the risks mitigated by each policy
- Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
- Policy coverage maps for PCI-DSS, NIST, ISO 27002, FFIEC and HIPAA-HiTECH security
Expert information security policy development advice and tools
- A step-by-step checklist of security policy development tasks to quickly start a policy development project
- Helpful tips and tricks for getting management buy-in for information security policies and education
- Tips and techniques for raising security policy awareness
- Real-world examples of problems caused by missing or poor information security policies
- Essential policy compliance forms such as Risk acceptance memo, incident Reporting Form and Security Policy Compliance Agreement.
Comprehensive Information Security Policy Coverage
Information Security Policies Made Easy covers over 200 essential information security topics including:
- Access Control
- Acceptable Use
- Application Development
- Computer emergency response teams
- Computer viruses
- Contingency planning
- Corporate Governance
- Data Classification and Labeling
- Data Destruction
- Digital signatures
- Economic Espionage
- Electronic commerce
- Electronic mail
- Employee surveillance
- FAX communications
- Incident Response
- Identity Theft
- Information Ownership
- Information Security Related Terrorism
- Local area networks
- Logging controls
- Mobile Devices
- Network Security
- Outsourcing security functions
- Password Management
- Personnel Screening and Security
- Portable computers (PDA, Laptops)
- Physical Security
- Privacy issues
- Security Roles and Responsibilities
- Social Engineering (including “phishing”)
- SPAM Prevention
- Telephone systems
- Third Party Access
- User security training
- Web Site Security
- Wireless Security
- Voice Over IP (VOIP)
- And many more!
Information Security Policies Made Easy, Version 13 is available for electronic download. Each product contains a print-ready PDF, MS-Word templates and an organization-wide license to republish the materials.
Most Recommended by Security Pros!
Information Security Policies Made Easy is recommended by your peers, including top information security and data privacy experts. Here are a few of them:
“If I could have only six books in my professional library, this would be one of them.”
Dr. Harold Highland
Editor, Emeritus of Computers & Security Magazine
“Information Security Policies Made Easy (ISPME) is one of the most important information security books available for those who are serious about creating a comprehensive set of information systems security policies. Given the dynamic nature of technology, very few technology books can stand the test of time and remain relevant for a few years, let alone a decade after their original printing.”
Ben Rothke CISSP, CISM
Director – Security Technology Implementation, AXA Technology Services
“The [ISPME] guidelines have saved three months of manual effort that would have been required to research and write policies.”
EDP Audit Manager, City & County of San Francisco, Network Management Systems & Strategies
“It gave us everything we needed to help us write standards and communicate [policies] in a clear, concise manner with no ambiguity or technical jargon … the book paid for itself in two weeks.”
Data Security Consultant to Large Medical Insurance Company, LAN Times
“If you are an auditor, business security or InfoSec specialist, part of corporate management or other business professional, and want to be sure you have a strong foundation for your InfoSec program, you must get and use this book. This book contains not only policies but also a guideline on how to use the policies; provides matrices that make it easier to understand how they all fit together; and many useful appendices. Some may say that this book is too expensive and one can find cheaper books of InfoSec policies. If you go cheap you get cheap. Can you afford to do that when mistakes can be costly and when the protection of your company’s information and competitive edge may be at stake? Buy this book, use it and start building a comprehensive InfoSec program for your company.”
Dr. Gerald L. Kovacich
“Information Security Policies Made Easy is an indispensable tool for anyone who needs to develop a HIPAA security policy. Those who are familiar with the hardbound version of the classic work by Charles Cresson Woods will be amazed by this interactive format. Navigation aids such as the ‘find’ command allowed me to cut my development time considerably.”
Harry E. Smith, CISSP, Co-Founder
PrivaPlan Associates, Inc.
“This is the gold standard Policy reference for any serious security practitioner to have in their arsenal of tools, a must have! The instructions and examples for establishing security polices and implementation processes add real value to this edition.”
John B. Kramer, CISSP, CISA
Information Security Manager – UPMCHS
“Wood has created a complete kit of proven best practices that any organization can use and customize to make policies meeting their exact needs.”
Columnist, Information Security Magazine.
“In 1993, I was asked to develop my first information security policy. I began by cutting and pasting a series of thoughts and calling that a policy. Usually these policies were rejected by management. To ensure that my organization had strong Information Security policies in place, I purchased a copy of Information Security Policies Made Easy. Quickly I learned that creating a policy was a process that included writing policies, editing policies, obtaining management approval, communicating policies, and implementing controls to meet the policy requirements. The book provides the reader with the tools necessary to develop policies, including an easy to use CD (fully-linked and searchable).”
Diana-Lynn Contesti, CISSP, SSCP
Information Security Officer – Dofasco Inc.
“Charles Cresson Wood…is an expert’s expert, and knows more about computer security policies than anyone I know.”
“This book is invaluable to those responsible for creating or maintaining an information security policy manual or similar documents.”