- Written in a clear, easy-to-understand form that management can understand, without insulting the intelligence of the technical reader.
- Great foundational reference on security and the policy considerations that must be understood by everyone concerned with information security.
- Full of practical information on the current state of information security without being specific to a particular vendor.
Almost every book on network security talks about developing a "security policy" as part of the security planning process. A good security policy should be the basis for every successful security program, yet over 60 percent of companies do not have policies or have policies that are out of date. Those references that do talk about security policies provide little information on how to actually prepare one. Fewer still help you develop and implement a good policy document that evolves with your evolving security needs.
Writing Information Security Policies will help anyone involved in company security write a policy that can be both implemented and updated as needed, whether they are involved in the management or the actual technical side of the business.
Scott Barman is a systems analyst for a major nonprofit research organization specializing in government information technologies. He has been involved with information security for almost 20 years, dealing with the evolution of systems and their security requirements. Since the explosion of the Internet, he has focused on security and policy development for many organizations in the Washington, D.C. area. Barman has been an instructor for George Washington University in the Client/Server and UNIX/C Certification Programs. Currently, he is a candidate for the Master of Information Systems Management at Carnegie Mellon University with a concentration in Information Security Management.