Information Security Policies and Procedures

An employee’s phone rings. The voice on the other end says, “This is Joe in IT. There’s a problem with your account and I need your login and password.” Do your employees know your policies and procedures for this situation?

Your organization needs a network security policy to protect you against external threats. However many companies make a critical mistake when developing a network security policy: they forget about the people.

You can create password policies, limit access, and install firewalls, but without a set of policies and procedures that include clearly defined information security roles, your network security policy is like locking your door but leaving the window open.

The example above is called “social engineering” attack and is far more common than a hack through an open port or a worm attack. An uneducated employee could give login and password information that compromises the security of the entire network.

Information Security Roles and Responsibilities Made Easy can guide you in this important security issue. It includes over 70 security documents from department mission statements to organization structures to job descriptions for over 40 information security roles. It helps you develop the policies and procedures that will ensure employees are properly trained, security tasks are implemented correctly, and security roles are properly documented.

Information Security Roles and Responsibilities Made Easy is available either as a hardcover book and CD-ROM or as an electronic download. Order your copy today and start developing a better network security policy.