In anticipation of the release of the newest installment in Mr. Wood's
policy development resource guide "Information Security Policies
Made Easy Version 9", we solicited several well-known security
experts and asked for their feedback on this newest release.
Below is just a sample of the outstanding reviews we have received:
"It gave us everything we needed
to help us write standards and communicate [policies] in
a clear, concise manner with no ambiguity or technical jargon ...
the book paid for itself in two weeks."
Jonah Goldsmith
Data Security Consultant to Large Medical Insurance Company,
LAN Times
"If I could have only six books
in my professional library, this would be one of them."
Dr. Harold Highland
Editor, Emeritus of Computers & Security magazine
"The [ISPME] guidelines
have saved three months of manual effort that would have been required
to research and write policies."
Douglas Feil
EDP Audit Manager, City & County of San Francisco, Network
Management Systems & Strategies
"Charles
Cresson Wood, with the help of NetIQ, has made another significant
contribution to the information security standard of due care in
Version 9 of his ongoing massive work, Information Security Policies
Made Easy. Version 9 is a significant advance from previous versions
making it a necessary part of every information security practitioner's
library and an important contribution to the baseline of information
security due care safeguards. He has added 185 new due care and
advanced policies to the 1175 in Version 8, and he has used a functional
new numbering system for them (with mapping to the previous simple
scheme) using the ISO 17799 Categories - very smart. He has expanded
the descriptions of each policy by adding electronic links (in the
CD presentation) to related policies; identified the audience; and
suggested the low, medium, high level of security strength it provides.
He lists the new policies that he has added, and there is even a
real word index at the end."
By Donn B. Parker, CISSP
"If
you are an auditor, business security or InfoSec specialist, part
of corporate management or other business professional, and want
to be sure you have a strong foundation for your InfoSec program,
you must get and use this book. This book contains not only policies
but also a guideline on how to use the policies; provides matrices
that make it easier to understand how they all fit together; and
many useful appendices. Some may say that this book is too expensive
and one can find cheaper books of InfoSec policies. If you go cheap
you get cheap. Can you afford to do that when mistakes can be costly
and when the protection of your company's information and competitive
edge may be at stake? Buy this book, use it and start building a
comprehensive InfoSec program for your company."
Dr. Gerald L. Kovacich
ShockwaveWriters.Com
"The
latest edition of Policies Made Easy is well organized, easy to
follow with many helpful links. The sample policies are helpful,
and make a great shortcut for those security administrators struggling
to come up with the right wording for a policy. I've used previous
versions of this book, and this is by far the best and most usable
addition."
Edward Napoleon, CISSP
Ernst & Young
"This
is the gold standard Policy reference for any serious security practitioner
to have in their arsenal of tools, a must have! The instructions
and examples for establishing security policies and implementation
processes add real value to this edition".
John B. Kramer, CISSP, CISA
Information Security Manager - UPMCHS
"Wood
has created a complete kit of proven best practices that any organization
can use and customize to make policies meeting their exact needs."
Jay Heiser
Columnist, "Information Security" magazine
"In
1993, I was asked to develop my first information security policy.
I began by cutting and pasting a series of thoughts and calling
that a policy. Usually these policies were rejected by management.
To ensure that my organization had strong Information Security policies
in place, I purchased a copy of Information Security Policies Made
Easy. Quickly I learned that creating a policy was a process that
included writing policies, editing policies, obtaining management
approval, communicating policies, and implementing controls to meet
the policy requirements. The book provides the reader with the tools
necessary to develop policies, including an easy to use CD (fully-linked
and searchable)."
Diana-Lynn Contesti, CISSP, SSCP
Information Security Officer - Dofasco Inc.
"Charles Cresson Wood...is an
expert's expert, and knows more about computer security policies
than anyone I know."
Michael Alexander
Editor, Datamation
"This book is invaluable to
those responsible for creating or maintaining an information security
policy manual or similar documents."
Belden Menkus
Editor, EDPACS