Information Security Roles and Responsibilities Made Easy, Version 2 is the new and updated version of the best-selling security resource by Charles Cresson Wood, CISSP, CISA, CISM. ISR&R V2 is based on the 20-year consulting and security experience of Mr. Wood and contains these features to help you save money while establishing a due-care information security organization:

1. Over 70 pre-written, time-saving information security documents including:
· 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
· Over 40 information-security-related job descriptions.
· 12 separate information security organization structures with discussions of pros and cons of each.
· Specification and discussion of 29 critical information security documents that every organization should have.

2. Justification to help increase management's awareness and funding of information security, including:
· How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
· Reducing the total cost of information security services by properly documented roles and responsibilities.
· Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
· Information security staffing data and analysis to help gain management support for additional resources.
· Common mistakes many organizations make and how to avoid them.

3. Specific advice on how to plan, document and execute an information security infrastructure project including:
· Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
· How to schedule project resources and timelines for documenting roles and responsibilities.
· Detailed discussion of the Data Owner, Custodian and User roles.
· Actions you should take to reduce your organization's exposure to workers in information-security-related positions of trust.
· The synergy between role-based access control (RBAC) and clarification of information security roles and responsibilities.

4. Practical advice on how to maintain security when dealing with third parties, including:
· Pros and cons of outsourcing security functions, including validation and security when outsourcing.
· The security roles and responsibilities of software and hardware vendors.
· Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties.

5. Valuable staffing advice and descriptions for information security professionals including:
· Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
· Specific performance criteria for individuals and teams.
· An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.

Information Security Roles and Responsibilities Made Easy, Version 2.0 contains easily customized documents in MS-Word format. All contents come on a fully indexed and searchable CD-ROM with linked cross-references.

All contents © 2005, Information Shield, Inc. – All Rights Reserved
Charles Cresson Wood, CISA, CISSP is an author and independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at Bank of America. He has done information security work with over 120 organizations, many of them Fortune 500 companies, including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world. He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents. He has published over 225 technical articles and five books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe. Mr. Wood is Senior North American Editor for the journals "Computers & Security" and "Computer Fraud & Security Bulletin", as well as a monthly columnist for "Computer Security Alert".
He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."
Book Description Information Shield, 2005. Hardcover. Book Condition: New. Never used! Bookseller Inventory # P111881585123
Book Description Information Shield, 2005. Hardcover. Book Condition: New. book. Bookseller Inventory # M1881585123
Book Description Information Shield. Hardcover. Book Condition: New. 1881585123 New Condition. Bookseller Inventory # NEW7.1720026