INFORMATION SECURITY POLICIES MADE EASY VERSION 14 NOW AVAILABLE!
The new Version 14 of Information Security Policies Made Easy, written by security policy expert Charles Cresson Wood, includes over 1500 sample information security policies covering all ISO 27002 information security domains. Take the work out of writing security policies.
Information Security Policies Made Easy has everything you need to build a robust security policy program, including:
Thirty-eight (38) essential sample information security policy documents:
- Complete coverage of essential security topics including: Access Control Policy, Network Security Policy, Personnel Security, Information Classification, Physical Security, Acceptable Use of Assets, and many more.
- All sample policies in our MS-Word Best Practices Policy Template. Customized in minutes!
Complete 1500+ information security policy statement library
- 1500 individual pre-written security policies covering the latest technical, legal and regulatory issues
- ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
- Expert commentary discussing the risks mitigated by each policy
- Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
- Policy coverage maps for PCI-DSS, NIST, ISO 27002, FFIEC and HIPAA-HiTECH security
Expert information security policy development advice and tools
- A step-by-step checklist of security policy development tasks to quickly start a policy development project
- Helpful tips and tricks for getting management buy-in for information security policies and education
- Tips and techniques for raising security policy awareness
- Real-world examples of problems caused by missing or poor information security policies
- Essential policy compliance forms such as Risk Acceptance Memo, Incident Reporting Form and Security Policy Compliance Agreement
Comprehensive Information Security Policy Coverage
Information Security Policies Made Easy covers over 200 essential information security topics including:
- Access Control
- Acceptable Use
- Application Development
- Biometrics
- Computer emergency response teams
- Computer viruses
- Contingency planning
- Corporate Governance
- Data Classification and Labeling
- Data Destruction
- Digital signatures
- Economic Espionage
- Electronic commerce
- Electronic mail
- Employee surveillance
- Encryption
- Firewalls
- FAX communications
- Incident Response
- Identity Theft
- Information Ownership
- Information Security Related Terrorism
- Internet
- Local area networks
- Intranets
- Logging controls
- Microcomputers
- Mobile Devices
- Network Security
- Outsourcing security functions
- Password Management
- Personnel Screening and Security
- Portable computers (PDA, Laptops)
- Physical Security
- Privacy issues
- Security Roles and Responsibilities
- Social Engineering (including “phishing”)
- SPAM Prevention
- Telecommuting
- Telephone systems
- Third Party Access
- User security training
- Web Site Security
- Wireless Security
- Voice Over IP (VOIP)
- And many more!
What’s new in ISPME V14?
Information Security Policies Made Easy, Version 14 contains these updates:
Security Policy Library Update for the Common Policy Library (CPL)
Over 60 information security policies have been added to the Common Policy Library (CPL). Areas of focus for this update include Privileged Account Management, Third Party Security and Data Privacy Governance for the General Data Protection Regulation (GDPR).
Updated Security Policy Mappings
Version 14 contains updated mappings between the ISPME policy documents and leading regulatory frameworks. Among the updated mappings are NIST 800-53 Revision 5 and US Cyber Security Framework Version 1.1. Mappings include:
- ISO 27002:2013
- NIST 800-53 Revision 5
- PCI-DSS 3.2
- US Cyber Security Framework V 1.1
- HIPAA/HiTECH
- FFIEC (Financial Services)
- New York DFS
39 Updated “Ready-to-Go” Sample Security Policy Templates
Version 14 now contains 39 complete, pre-written sample security policy documents in MS-Word format. Twenty (20) new policy documents have been added, including:
- High-Level Information Security Policy
- IT Risk Management Security Policy
- Information Security Program Policy
- Information Security Organization Policy
- Audit and Compliance Assessment Policy
- Asset Management Policy
- Acceptable Use of Assets Policy
- Acceptable Use of Social Networking Policy
- Cloud Computing Security Policy
- Mobile Computing Security Policy
- Remote Working (Telecommuting) Security Policy
- Personally Owned Devices (BYOD) Security Policy
- Information Classification Policy
- Information Exchange Policy
- Information Storage and Retention Policy
- Information and Media Disposal Policy
- Third Party Security Management Policy
- Personnel Security Management Policy
- Security Awareness and Training Policy
- Access Control Security Policy
- Account and Privilege Management Policy
- Remote Access Security Policy
- Network Security Management Policy
- Firewall Security Policy
- Wireless Network Security Policy
- Physical Access Security Policy *
- Data Center Security Policy *
- IT Operations Security Policy *
- System Configuration Management Policy
- Change Management Policy
- Malicious Software Management Policy
- Encryption and Key Management Policy
- Application Development Security Policy
- Security Incident Response Policy
- Data Breach Response Policy
- Backup and Recovery Policy
- IT Business Continuity Policy
- Log Management and Monitoring Policy
- Customer Data Privacy Policy
- Data Privacy Management Policy *
Additional New Compliance Documents
Version 14 dramatically expands the additional documents that enable security policy governance and compliance management. We have added a formal “Information Security Governance Framework” and supporting templates for policies, standards and procedures.
00 Security Policy Development Project Plan
- Information Security Management Statement (External)
- Information Security Policy Compliance Agreement
- Policy Exception Procedure / Risk Acceptance Form * Updated
- Information Security Governance Framework * New
- Security Policy Template * Updated
- Security Standard Template * New
- Security Procedure Template * New
- Information Handling Standard * New
- Employment Termination Procedure * Updated
- Change Management Procedure * New
- Security Incident Response Procedure * New
- Security Incident Reporting Form
- Identity Token Responsibility Statement
- Two-Page Non-Disclosure Agreement
- Network Harmonization Standard * Updated
- Information Security Policy Glossary * Updated
60+ New Information Security Policies
Version 14 contains 60+ additional pre-written information security policy statements with expert commentary covering the latest security threats and technologies, including:
- Audit Logging
- BYOD (Bring Your Own Device)
- Cloud Computing
- Corporate governance
- Data Breaches Response
- Disposal of equipment
- Email security including phishing
- Instant messaging
- Information Security Coordination
- USB storage
- Mobile device security
- Personnel Security
- Physical Security
- Risk Management
- Social Networking
- Supply Chain Security
- Security Department coordination
- Remote Access and Teleworking
- FAX and office machine security
- Third-Party Software Development
- Third-Party Service Management
- Third-Party Information Disclosure
- And much more!