Book details of 'Writing Information Security Policies'

Title: Writing Information Security Policies
Author(s): Scott Barman
Published: November 2001

Shelf: Computer security



The Virtual Bookcase Reviews of 'Writing Information Security Policies':

Reviewer Rob Slade wrote:
Until recently, the classic resource for those charged with writing security policies was "Information Security Policies Made Easy" (see reviews). Trouble was, that book made it a little bit too easy: the format encouraged people to use pieces without modification, and one size, in the security field, definitely does not fit all. This book, however, takes the opposite approach. While still aimed at the non-technical manager responsible for producing the policy, it uses minimal examples, concentrating on the process of policy formation.

Part one looks at starting the process. Chapter one defines what policies are and why they are important, and outlines the first steps needed to proceed. A good, broad outline of what your company should have in the way of a policy comes in chapter two. Finally, the responsibilities of different departments, their activities and roles, are presented in chapter three.

Part two covers the main body of security policy development. Chapter four starts out with physical security. As noted above, readers will have to go beyond the example policies given in the text, but these samples do provide a reasonable guide for what the final items should look like. Authentication and network security are dealt with in chapter five, although the telecommunications material is quite limited. Some of this lack is made up in chapter six's review of Internet policy, which goes beyond firewalls to examine training, applications, e-commerce, and other areas. Email use has a set of special requirements separate from those of the net, and these are addressed in chapter seven. Unfortunately, as with all too many works, the review of malware policies, in chapter eight, is weaker than the rest of the book. (Does the example policy to use "all means to prevent the spread of computer viruses" mean that you can't use Microsoft products? And why, in this day and age of "fast burner" email viruses, is a signature update every thirty days deemed sufficient?)

The limited technical background also contributes to the frailty of chapter nine's overview of encryption. Some policies are too broad, while there are missing areas that may need to be addressed, depending upon industry and operations. Chapter ten has very solid coverage of application development policies, which are all too often neglected in other works.

Part three is concerned with maintaining the policies. Chapter eleven seems slightly off topic, as it deals with acceptable use policies. However, chapter twelve looks at the roles and responsibilities involved in compliance and enforcement. A short précis of the policy review process ends the book in chapter thirteen.

While not a panacea, this book is clear, well written, and helpful. There is valuable advice packed into few enough pages that a manager should be able to read it on a cross-country plane trip.

Copyright Robert M. Slade, 2002


Book description:

Administrators, more technically savvy than their managers, have started to secure their networks in the way they see as appropriate. By the time management catches up to the notion that security is important, the system administrators have already altered the goals and business practices. Although management may be grateful to these people for keeping the network secure, their efforts do not account for all assets and business requirements.

Finally, someone decides it is time to write a security policy. Management is told of the necessity of the policy document, and they support its development. A manager or administrator is assigned to the task and told to come up with something, and fast!

Once security policies are written, they must be treated as living documents. As technology and business requirements change, the policy must be updated to reflect the new environment, with at least one review per year. Additionally, policies must include provisions for security awareness and enforcement while not impeding corporate goals. This book serves as a guide to writing and maintaining these all-important security policies.

The Virtual Bookcase is created and maintained by Koos van den Hout.
Copyright © 2000-2022 Koos van den Hout / The Virtual Bookcase