Book details of 'Information Security Policies Made Easy Version 9'
Title | Information Security Policies Made Easy Version 9 |
Author(s) | Charles Cresson Wood |
ISBN | 1881585093 |
Language | English |
Published | September 2002 |
Publisher | Baseline Software |
The Virtual Bookcase Reviews of 'Information Security Policies Made Easy Version 9':
Reviewer Rob Slade wrote:
Data security texts and talks often promote numerous concepts that
should be added to, or included in, security policies. There are
numerous presentations in even general computer conferences on
designing such policy documents. Few policies, however, actually get
written. Those that do are often full of holes and gaps. Writing a
security policy is an enormous undertaking, and most companies will
not allow for the resources necessary to do it well.
This uniquely valuable tool can save a great deal of time in the
process. It is a set of over 600 sample paragraphs for a policy
document, provided in both hard copy and soft copy, for ease of use.
The book starts with an overview of what policies are, as distinct
from guidelines, standards, procedures, and controls; the needs for,
and uses of, policies; and, strategies for formation of policies.
I stress, again, the word "tool." The book could be confused with a
single data security policy document, albeit an overly large one. The
items should, however, be tailored to your organization and vetted
with care. For example, of the nine items related to computer viral
programs, six contain flaws such as misleading information (ironically
irrelevant to the policy under discussion), over detail (a procedure,
rather than a policy), draconian measures (likely to be ignored and,
therefore, weaken the whole), or policies which are admirable in
themselves, but unworkable with existing technologies. Of the three
remaining policies, one would be primarily useful only in a software
development shop, while another would be useless in the same
environment. This leaves but one policy out of the nine which is
acceptable without modification regardless of business type. My
choice of viral program policies in this example may be seen as
unfair: after all, I am an expert in a fairly esoteric field.
However, it does point out the need to thoroughly examine each policy
both in terms of general usefulness and the specifics of your
particular business and work environment.
The book also contains references to publications, groups and
standards that will be of assistance in the policy formation process.
Although the price is steep, the resources contained herein are
undoubtedly worth it and more for any IT shop facing the policy issue.
copyright Robert M. Slade, 1994