Information Security Policies Made Easy
Information Security Policies Made Easy is the "gold standard" information security policy resource based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA. The most complete security policy library available, ISPME contains over 1400 pre-written information security policies covering over 200 security topics and organized in ISO 27002 format. Take the work out of creating, writing, and implementing security policies.
» How to Order ISPME
» Table of Contents
» ISPME Data Sheet
» What's New in Version 11
» What Security Experts Say about ISPME
» Who uses ISPME?
» ISPME for Regulatory Compliance
Information Security Policies Made Easy is the definitive resource for information security policies. Version 10 has everything you need to save money while building a due-care security policy environment, including:
1. A complete information security policy library with over 1400 individual pre-written security policies including:- Coverage of the latest technical, legal and regulatory issues
- ISO 17799:2005 outline format, allowing for easy gap-analysis against existing standards and security frameworks
- Expert commentary discussing the risks mitigated by each policy
- Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
- Policy coverage maps for Sarbanes-Oxley (COBIT) and HIPAA security
2. Eighteen complete pre-written security policy documents that every company should have, updated and ready to use "as is" or with easy customization, including:
- User-targeted policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy
- Organization-wide policies such as: High-Level Security Policy, Privacy policy, Information Ownership Policy
- Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy
- Sample risk acceptance memo for the approval of out of compliance situations, a sample non-disclosure agreement, and a user policy acceptance agreement.
- A step-by-step checklist of security policy development tasks to quickly start a policy development project
- Helpful tips and tricks for getting management buy-in for information security policies and education
- Tips and techniques for raising security policy awareness
- Real-world examples of problems caused by missing or poor information security policies
- Policy development resources such as Information Security Periodicals, professional associations and related security organizations
- Policies available in HTML, PDF, MS-Word format
- Easy cut-and-paste into existing corporate documents
- Extensive cross-references between policies that help the user quickly understand alternative solutions and complimentary controls
Information Security Policies Made Easy provides comprehensive information security coverage including:
- Access Control
- Acceptable Use
- Application Development
- Biometrics
- Computer emergency response teams
- Computer viruses
- Contingency planning
- Corporate Governance
- Data Classification and Labeling
- Data Destruction
- Digital signatures
- Economic Espionage
- Electronic commerce
- Electronic mail
- Employee surveillance
- Encryption
- Firewalls
- FAX communications
- Incident Response
- Identity Theft
- Information Ownership
- Information Security Related Terrorism
- Internet
- Local area networks
- Intranets
- Logging controls
- Microcomputers
- Mobile Devices
- Network Security
- Outsourcing security functions
- Password Management
- Personnel Screening and Security
- Portable computers (PDA, Laptops)
- Physical Security
- Privacy issues
- Security Roles and Responsibilities
- Social Engineering (including "phishing")
- SPAM Prevention
- Telecommuting
- Telephone systems
- Third Party Access
- User security training
- Web Site Security
- Wireless Security
- Voice Over IP (VOIP)
- And many more!
Information Security Policies Made Easy, Version 11 is available in CD-ROM and as electronic download. Each CD contains a print-ready PDF, fully-linked HTML and an organization-wide license to republish the materials.
