Information Security Roles & Responsibilities Made Easy, Version 2

Information Security Roles and Responsibilities Made Easy, Version 2 is the new and updated version of the best-selling security resource by Charles Cresson Wood, CISSP, CISA, CISM. ISR&R V2 is based on the 20 year consulting and security experience of Mr. Wood and contains these features to help you save money while establishing a due-care information security organization: 1. Over 70 pre-written, time-saving information security documents including: 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements. Over 40 information-security-related job descriptions 12 separate information security organization structures with discussions of pros and cons of each. Specification and discussion of 29 critical information security documents that every organization should have. 2. Justification to help increase managements awareness and funding of information security, including: How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum. Reducing the total cost of information security services by properly documented roles and responsibilities. Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care. Information security staffing data and analysis to help gain management support for additional resources. Common mistakes many organizations make and how to avoid them. 3. Specific advice on how to plan, document and execute an information security infrastructure project including: Information on how to properly review and update information security roles and responsibilities, including department interview techniques. How to schedule project resources and time lines for documenting roles and responsibilities. Detailed discussion of the Data Owner, Custodian and User roles. Actions you should take to reduce your organization's exposure to workers in information security related positions of trust. The synergy between role based access control (RBAC) and clarification of information security roles and responsibilities. 4. Practical advice on how to maintain security when dealing with third parties, including: Pros and cons of outsourcing security functions, including validation and security when outsourcing. The security roles and responsibilities of software and hardware vendors. Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties. 5. Valuable staffing advice and descriptions for information security professionals including: Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law. Specific performance criteria for individuals and teams. An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each. Information Security Roles and Responsibilities Made Easy, Version 2.0 contains easily customized documents in MS-Word format. All contents come on a fully indexed and searchable CD-ROM with linked cross-references. All contents 2005, Information Shield, Inc. All Rights Reserved