
Writing Information Security Policies (01 Edition)
Synopses & Reviews

Publisher Comments:

Administrators, more technically savvy than their managers, have started to secure the networks in a way they see as appropriate. By the time management catches up to the notion that security is important, system administrators have already altered the goals and business practices. Although management may be grateful to these people for keeping the network secure, their efforts do not account for all assets and business requirements. Finally, someone decides it is time to write a security policy. Management is told of the necessity of the policy document, and they support its development. A manager or administrator is assigned to the task and told to come up with something, and fast! Once security policies are written, they must be treated as living documents. As technology and business requirements change, the policy must be updated to reflect the new environment--at least one review per year. Additionally, policies must include provisions for security awareness and enforcement while not impeding corporate goals. This book serves as a guide to writing and maintaining these all-important security policies.


This guide demonstrates how to protect your assets by starting with a good security policy. It explores the security and policy considerations that must be understood by everyone concerned with information security, and is written in an easy-to-understand form.


Written in a clear, easy-to-understand form that management can understand, without insulting the intelligence of the technical reader. Great foundational reference on security and the policy considerations that must be understood by everyone concerned with information security.

About the Author

Scott Barman is currently an Information Security and Systems Architecture Analyst for The MITRE Corporation (http://www.mitre.org). He has been involved with information security for almost 20 years, nurturing the evolution of systems and their security requirements for commercial organizations and government agencies. Since the explosion of the Internet and prior to joining MITRE, he had focused on various areas of security and policy development for many organizations in the Washington, D.C. area. The inspiration for this book came from his SANS '99 presentation. He earned his undergraduate degree from the University of Georgia and a Master of Information Systems Management from Carnegie Mellon University (http://www.mism.cmu.edu).

The reviewers contributed their considerable hands-on expertise to the entire development process for Writing Information Security Policies. As the book was being written, these dedicated professionals reviewed all the material for technical content, organization, and flow. Their feedback was critical to ensuring that Writing Information Security Policies fits our readers' need for the highest-quality technical information.

David Neilan has been working in the computer/network industry for over 10 years, the last six dealing primarily with network/Internet connectivity and security. From 1991 to 1995, he worked for Intergraph, dealing with graphics systems and networking. From 1995 to 1998, he was with Digital Equipment, working with DEC firewalls and network security. From 1998 to 2000, he was with Online Business Systems, doing LAN/WAN and Internet security. David is currently running a business, Security Technologies, in the network/security realm; he is working with local companies to enable and secure their networks. He is designing network infrastructures to support secure LAN/WAN connectivity for various companies utilizing Microsoft 2000 and Cisco products and the Internet to create secure Virtual Private Networks. David also has been beta testing Microsoft operating systems since Windows For Workgroups, WFW3.11, and has worked part-time as a technical editor on many Microsoft/networking/security books.

Larry Paccone is a Principal National/Systems Security Analyst at Logicon/TASC. As both a technical lead and project manager, he has worked in the Internet and network/systems security arena for more than eight years. He has been the technical lead for several network security projects supporting a government network/systems security research and development laboratory. Prior to that, Larry worked for five years at The Analytical Sciences Corporation (TASC) as a national security analyst assessing conventional military force structures. He has an M.S. in Information Systems, an M.A. in International Relations, and a B.A. in Political Science. He also has completed eight professional certifications in network and systems security, internetworking, wide area networking, Cisco routing/switching, and Windows NT.

Table of Contents

(NOTE: Each chapter concludes with a Summary.)

1. What Information Security Policies Are.
About Information Security Policies. Why Policies Are Important. When Policies Should Be Developed. How Policies Should Be Developed.

2. Determining Your Policy Needs.
Identify What Is to Be Protected. Identify From Whom It Is Being Protected. Data Security Considerations. Backups, Archival Storage, and Disposal of Data. Intellectual Property Rights and Policies. Incident Response and Forensics.

3. Information Security Responsibilities.
Management Responsibility. Role of the Information Security Department. Other Information Security Roles. Understanding Security Management and Law Enforcement. Information Security Awareness Training and Support.

4. Physical Security.
Computer Location and Facility Construction. Facilities Access Controls. Contingency Planning. General Computer Systems Security. Periodic System and Network Configuration Audits. Staffing Considerations.

5. Authentication and Network Security.
Network Addressing and Architecture. Network Access Control. Login Security. Passwords. User Interface. Access Controls. Telecommuting and Remote Access.

6. Internet Security Policies.
Understanding the Door to the Internet. Administrative Responsibilities. User Responsibilities. World Wide Web Policies. Application Responsibilities. VPNs, Extranets, Intranets, and Other Tunnels. Modems and Other Backdoors. Employing PKI and Other Controls. Electronic Commerce.

7. Email Security Policies.
Rules for Using Email. Administration of Email. Use of Email for Confidential Communication.

8. Viruses, Worms, and Trojan Horses.
The Need for Protection. Establishing the Type of Virus Protection. Rules for Handling Third-Party Software. User Involvement with Viruses.

9. Encryption.
Legal Issues. Managing Encryption. Handling Encryption and Encrypted Data. Key Generation Considerations. Key Management.

10. Software Development Policies.
Software Development Processes. Testing and Documentation. Revision Control and Configuration Management. Third-Party Development. Intellectual Property Issues.

11. Acceptable Use Policies.
Writing the AUP. User Login Responsibilities. Use of Systems and Network. User Responsibilities. Organization's Responsibilities and Disclosures. Common-Sense Guidelines About Speech.

12. Compliance and Enforcement.
Testing and Effectiveness of the Policies. Publishing and Notification Requirements of the Policies. Monitoring, Controls, and Remedies. Administrator's Responsibility. Logging Considerations. Reporting of Security Problems. Considerations When Computer Crimes Are Committed.

13. The Policy Review Process.
Periodic Reviews of Policy Documents. What the Policy Reviews Should Include. The Review Committee.

Appendix A. Glossary.

Appendix B. Resources.
Incident Response Teams. Other Incident Response Information. Virus Protection. Vendor-Specific Security Information. Security Information Resources. Security Publications. Industry Consortia and Associations. Hacker and "Underground" Organizations. Health Insurance Portability and Accountability Act. Survivability. Cryptography Policies and Regulations. Security Policy References.

Appendix C. Sample Policies.
Sample Acceptable Use Policy. Sample Email Security Policy. Sample Administrative Policies.

Product Details

Author: Barman, Scott
Published in: Indianapolis, Ind.
Subjects: Programming - General; Operating Systems - General; Computer security; Data protection; Security - General; Internet - Security; Computer security -- Management.; Networking-Computer Security
Edition Description: Trade paper
Series: Landmark (New Riders)
Series Volume: no. 29
Publication Date: November 2001
Dimensions and Weight: 9 x 7 x 0.8 in, 340 gr

Related Subjects

Computers and Internet » Internet » General
Computers and Internet » Networking » Computer Security
Computers and Internet » Operating Systems » General
Computers and Internet » Software Engineering » Programming and Languages
Science and Mathematics » Biology » General

Writing Information Security Policies (01 Edition), Used Trade Paper
Price: $27.00 (In Stock)
Pages: 240
Publisher: Sams
Language: English
ISBN: 9781578702640