Rothstein Publishing

Business Continuity Publishing

You are here: Home / Archives for ISPME

ISPME

Information Security Policies, Roles, Responsibilities Made Easy: SPECIAL OFFER

by

Information Security Policies Made Easy is the “gold standard” information security policy template library, with over 1500 pre-written information security policies covering over 200 security topics. Based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA, it is the most widely used policy library in the world, with over 10,000 customers in 60 countries. Take the work out of creating, writing, and implementing security policies.Information Security Roles and Responsibilities Made Easy by security expert Charles Cresson Wood, provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize for your own organization.

Now click here to save $195 by purchasing together! $1,095.00 for both, $1,290.00 separately.

Information Security Policies Made Easy has everything you need to build a robust security policy program, including:

Thirty-eight (38) essential sample security policy documents:

  • Complete coverage of essential security topics including: Access Control Policy, Network Security Policy, Personnel Security, Information Classification, Physical Security, Acceptable Use of Assets, and many more.
  • All samples policies in our MS-Word Best Practices Policy Template. Customized in minutes!

Complete 1500+ information security policy statement library

  • 1500 individual pre-written security policies covering of the latest technical, legal and regulatory issues
  • ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
  • Expert commentary discussing the risks mitigated by each policy
  • Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
  • Policy coverage maps for PCI-DSS, NIST, ISO 27002, FFIEC and HIPAA-HiTECH security

Expert information security policy development advice and tools

  • A step-by-step checklist of security policy development tasks to quickly start a policy development project
  • Helpful tips and tricks for getting management buy-in for information security policies and education
  • Tips and techniques for raising security policy awareness
  • Real-world examples of problems caused by missing or poor information security policies
  • Essential policy compliance forms such as Risk acceptance memo, incident Reporting Form and Security Policy Compliance Agreement.

Comprehensive Information Security Policy Coverage

Information Security Policies Made Easy covers over 200 essential information security topics including:

  • Access Control
  • Acceptable Use
  • Application Development
  • Biometrics
  • Computer emergency response teams
  • Computer viruses
  • Contingency planning
  • Corporate Governance
  • Data Classification and Labeling
  • Data Destruction
  • Digital signatures
  • Economic Espionage
  • Electronic commerce
  • Electronic mail
  • Employee surveillance
  • Encryption
  • Firewalls
  • FAX communications
  • Incident Response
  • Identity Theft
  • Information Ownership
  • Information Security Related Terrorism
  • Internet
  • Local area networks
  • Intranets
  • Logging controls
  • Microcomputers
  • Mobile Devices
  • Network Security
  • Outsourcing security functions
  • Password Management
  • Personnel Screening and Security
  • Portable computers (PDA, Laptops)
  • Physical Security
  • Privacy issues
  • Security Roles and Responsibilities
  • Social Engineering (including “phishing”)
  • SPAM Prevention
  • Telecommuting
  • Telephone systems
  • Third Party Access
  • User security training
  • Web Site Security
  • Wireless Security
  • Voice Over IP (VOIP)
  • And many more!

Information Security Roles & Responsibilities Made Easy provides:

Over 70 pre-written, time-saving information security documents

  • 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
  • Over 40 information-security-related job descriptions.
  • 12 separate information security organization structures with discussions of pros and cons of each.
  • Specification and discussion of 29 critical information security documents that every organization should have.
  • Standard practices that have been shown to be effective at over 125 organizations around the world.
  • How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
  • Reducing the total cost of information security services by properly documented roles and responsibilities.
  • Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
  • Information security staffing data and analysis to help gain management support for additional resources.
  • Common mistakes many organizations make and how to avoid them.

Justification to help increase management’s awareness and funding of information security:

  • How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
  • Reducing the total cost of information security services by properly documented roles and responsibilities.
  • Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
  • Information security staffing data and analysis to help gain management support for additional resources.
  • Common mistakes many organizations make and how to avoid them.

Specific advice on how to plan, document and execute an information security infrastructure project:

  • Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
  • How to schedule project resources and time lines for documenting roles and responsibilities.
  • Detailed discussion of the Data Owner, Custodian and User roles.
  • Actions you should take to reduce your organization’s exposure to workers in information security related positions of trust.
  • The synergy between role based access control (RBAC) and clarification of information security roles and responsibilities.

How to Maintain Security Dealing with Third Parties:

  • Pros and cons of outsourcing security functions, including validation and security when outsourcing.
  • The security roles and responsibilities of software and hardware vendors.
  • Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties

Valuable staffing advice for information security professionals:

  • Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
  • Specific performance criteria for individuals and teams.
  • An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.

Click here to BUY NOW!

Information Security Policies Made Easy and Information Security Roles and Responsibilities Made Easy are available for electronic download. Each product contains a print-ready PDF, MS-Word templates and an organization-wide license to republish the materials. (No physical CD or book).

Information Security Policies Made Easy and Information Security Roles and Responsibilities Made Easy are also available separately.

Don’t WannaCry? Cyber Security Starts With Sound Information Security Policies

by

We all know we need to update our software, backup our critical data, install and maintain antimalware software and firewalls, manage robust contingency and recovery plans, not open funky emails, audit everything, blah blah blah. So what’s wrong with us? Why don’t we all do these things consistently?

I’d like to think that everything we have been lectured, reminded, scolded, chastised, and even ridiculed about in the way of protecting our digital assets is doable and reasonable, but face it – sometimes it’s not. Costs, number of hours in the day, distractions, urgent priorities, sleep, other crises, get in the way. Or, to put it simply, we get lazy or “have better things to do.”

Then, wham – your drive crashes, WannaCry makes you cry, your computer zigs when it’s supposed to zag, humans be humans, whatever. Suddenly all that stuff hurtles to the top of the list, and you’re scrod (that’s the past pluperfect tense, BTW).

Just so you know, it’s Business Continuity Awareness Week – timing is impeccable! If you haven’t already been bombarded with stuff to add to your to-do list this week thanks to ransomware, check out Preparing for the threat of digital disruption. Symantec is an excellent resource. While WannaCry may turn out to be another Y2K downer, ya never know…

We’re pretty good at protecting Rothstein Associates’ digital assets – we back up data on multiple schedules with multiple tools in multiple, secure locations; our hardware, software, firewalls and antimalware are robust and up to date; we’re not perfect, but we are more careful than most.

So, if I can offer one piece of cybersecurity advice, it’s quite simple – start somewhere. Pick your weakest link, toughen it, and move on. For our team, it’s been explicit information security policies. Essentially, we’ve been doing most of the right things, but hadn’t formalized them. And, as Rothstein Publishing’s team has grown, our assumptions about cybersecurity and resilience have… not always been born out in fact.

We’ve been looking at our policies, procedures and practices, and finding disconnects, and we’re cleaning them up. I have to say, though, it’s a whole lot easier to work from a firm foundation based on policies rather than reactively plugging holes.

So – yes, this part is a subtle sales pitch – we’ve been using a tool we’ve known for two decades, Information Security Policies Made Easy.  Here’s the blurb:

Information Security Policies Made Easy is the “gold standard” information security policy template library, with over 1500 pre-written information security policies covering over 200 security topics. Based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA, it is the most widely used policy library in the world, with over 10,000 customers in 60 countries. Take the work out of creating, writing, and implementing security policies.

You can buy it here.

–   Philip Jan Rothstein, FBCI

Information Security Policies Made Easy

by

Information Security Policies Made Easy is the “gold standard” information security policy template library, with over 1500 pre-written information security policies covering 200+ security topics. Based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA, it is the most widely used policy library in the world, with 10,000+ customers in 60 countries. Take the work out of creating, writing, and implementing security policies.

Information Security Policies Made Easy has everything you need to build a robust security policy program, delivered by electronic download,  including:

38 essential sample security policy documents:

  • Complete coverage of essential security topics including: Access Control Policy, Network Security Policy, Personnel Security, Information Classification, Physical Security, Acceptable Use of Assets, and many more.
  • All samples policies in our MS-Word Best Practices Policy Template. Customized in minutes!

Complete information security policy statement library

  • 1500 individual pre-written security policies covering of the latest technical, legal and regulatory issues
  • ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
  • Expert commentary discussing the risks mitigated by each policy
  • Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
  • Policy coverage maps for PCI-DSS, NIST, ISO 27002, FFIEC and HIPAA-HiTECH security

Expert information security policy development advice and tools

  • A step-by-step checklist of security policy development tasks to quickly start a policy development project
  • Helpful tips and tricks for getting management buy-in for information security policies and education
  • Tips and techniques for raising security policy awareness
  • Real-world examples of problems caused by missing or poor information security policies
  • Essential policy compliance forms such as Risk acceptance memo, incident Reporting Form and Security Policy Compliance Agreement.

Comprehensive Information Security Policy Coverage

Information Security Policies Made Easy covers 200+ essential information security topics including:

  • Access Control
  • Acceptable Use
  • Application Development
  • Biometrics
  • Computer emergency response teams
  • Computer viruses
  • Contingency planning
  • Corporate Governance
  • Data Classification and Labeling
  • Data Destruction
  • Digital signatures
  • Economic Espionage
  • Electronic commerce
  • Electronic mail
  • Employee surveillance
  • Encryption
  • Firewalls
  • FAX communications
  • Incident Response
  • Identity Theft
  • Information Ownership
  • Information Security Related Terrorism
  • Internet
  • Local area networks
  • Intranets
  • Logging controls
  • Microcomputers
  • Mobile Devices
  • Network Security
  • Outsourcing security functions
  • Password Management
  • Personnel Screening and Security
  • Portable computers (PDA, Laptops)
  • Physical Security
  • Privacy issues
  • Security Roles and Responsibilities
  • Social Engineering (including “phishing”)
  • SPAM Prevention
  • Telecommuting
  • Telephone systems
  • Third Party Access
  • User security training
  • Web Site Security
  • Wireless Security
  • Voice Over IP (VOIP)
  • And many more!

Information Security Policies Made Easy, Version 13 is available for electronic download. Each product contains a print-ready PDF, MS-Word templates and an organization-wide license to republish the materials.

 $795.00. Click Here to Purchase!

Most Recommended by Security Pros!

Information Security Policies Made Easy is recommended by your peers, including top information security and data privacy experts. Here are a few of them:

“If I could have only six books in my professional library, this would be one of them.”

Dr. Harold Highland
Editor, Emeritus of Computers & Security Magazine

“Information Security Policies Made Easy (ISPME) is one of the most important information security books available for those who are serious about creating a comprehensive set of information systems security policies. Given the dynamic nature of technology, very few technology books can stand the test of time and remain relevant for a few years, let alone a decade after their original printing.”

Ben Rothke CISSP, CISM
Director – Security Technology Implementation, AXA Technology Services

“The [ISPME] guidelines have saved three months of manual effort that would have been required to research and write policies.”

Douglas Feil
EDP Audit Manager, City & County of San Francisco, Network Management Systems & Strategies

“It gave us everything we needed to help us write standards and communicate [policies] in a clear, concise manner with no ambiguity or technical jargon … the book paid for itself in two weeks.”

Jonah Goldsmith
Data Security Consultant to Large Medical Insurance Company, LAN Times

“If you are an auditor, business security or InfoSec specialist, part of corporate management or other business professional, and want to be sure you have a strong foundation for your InfoSec program, you must get and use this [tool]. This book contains not only policies but also a guideline on how to use the policies; provides matrices that make it easier to understand how they all fit together; and many useful appendices. Some may say that this book is too expensive and one can find cheaper books of InfoSec policies. If you go cheap you get cheap. Can you afford to do that when mistakes can be costly and when the protection of your company’s information and competitive edge may be at stake? Buy this, use it and start building a comprehensive InfoSec program for your company.”

Dr. Gerald L. Kovacich
ShockwaveWriters.Com

“Information Security Policies Made Easy is an indispensable tool for anyone who needs to develop a HIPAA security policy. Those who are familiar with the hardbound version of the classic work by Charles Cresson Woods will be amazed by this interactive format. Navigation aids such as the ‘find’ command allowed me to cut my development time considerably.”

Harry E. Smith, CISSP, Co-Founder
PrivaPlan Associates, Inc.

“This is the gold standard Policy reference for any serious security practitioner to have in their arsenal of tools, a must have! The instructions and examples for establishing security polices and implementation processes add real value to this edition.”

John B. Kramer, CISSP, CISA
Information Security Manager – UPMCHS

“Wood has created a complete kit of proven best practices that any organization can use and customize to make policies meeting their exact needs.”

Jay Heiser
Columnist, Information Security Magazine.

“In 1993, I was asked to develop my first information security policy. I began by cutting and pasting a series of thoughts and calling that a policy. Usually these policies were rejected by management. To ensure that my organization had strong Information Security policies in place, I purchased a copy of Information Security Policies Made Easy. Quickly I learned that creating a policy was a process that included writing policies, editing policies, obtaining management approval, communicating policies, and implementing controls to meet the policy requirements. The book provides the reader with the tools necessary to develop policies, including an easy to use CD (fully-linked and searchable).”

Diana-Lynn Contesti, CISSP, SSCP
Information Security Officer – Dofasco Inc.

“Charles Cresson Wood…is an expert’s expert, and knows more about computer security policies than anyone I know.”

Michael Alexander
Editor, Datamation

“This book is invaluable to those responsible for creating or maintaining an information security policy manual or similar documents.”

Belden Menkus
Editor, EDPACS

 

$795.00. Click Here to Purchase!