Customer Reviews

Information Security Policies and Procedures: A Practitioner's Reference, Second Edition

5 star:		(4)
4 star:		(0)
3 star:		(1)
2 star:		(1)
1 star:		(1)

 

 

This is a useful book for me to reference, especially when I deal with challenges in security policy framework review. The most impressive pages include the tier 1-2-3 framework, proper wordings in policy, policy sample studies and analysis, complete checklist and questionnaire.

After reading this book or on-and-off reference, I always remember four major elements in a policy:

1. Topic

2. Scope

3. Responsibility

4. Compliance

In addition, I have shared this book with an IT supervisor, he always go for this book for the team reference. I do feel happy to recommend it. Moreover, it readily happens to me I could apply the hints and tips from this book to the revised policy. Meanwhile, compared with the company's policy, it is undoubted organized and logical.

Be honest, in reality, many people still always mix up policy, standard and procedures as well as guidelines and produce a "Spaghetti-like" document to deal with auditor and compliance once a year only, you could say, many companies treat it as a last-minute homework.

While this is a good reference, it's value does not match its price. The entire book in not included on the CD and the book does not include a "complete" set of policies. It is certainly enough to get you started, but not enough to complete the task.

If you are considering buying a used copy from an amazon marketplace seller as I did, be careful. The pages did not fit the binder and the CD was missing its setup file. I had to return it.

If you need assistance with security policies and procedures, take a look at Thomas Peltier's other book, Information Security Policies, Procedures and Standards: Guidelines for Effective Information Security Management. It contains almost all of the same material, at a much more reasonable price.

This is one of the best books available for information systems security polices. The book covers tier 1 and tier 2 policies. This book looks at policies as a business enabler where policies support management's organizational goals. Great samples!

It explains how why and how to integrate security policies and procedures across all tiers of software engineering organization. I had limited understanding f and this book helped me to get deep in to details and understand at an organization level.

I recommend this for all engineers and managers in sofware organization.

I must agree with the previous reviewer, this book is lacking.
I bought a copy new and had the same problem where the
holes punched in the paper does not match the binder spacing.
What terrible quality. I had to force myself to even read
through the book after that.

And I found it lacking. The first part has some good info
about how to write a policy. Good but not great.

The second part was a sample policy/standard/procedure rolled
into one. I found it too thin and missing too much to be
really useful.

I haven't looked at the text the previous reviewer recommends,
but I have to say, given another book with similar content,
definitely stay away from this one.

My personal recommendation is Information Security Policies
Made Easy, by Charles Cresson Wood. It's pricey but oh so
worth it.

If you are doing infosec policy dev., this book is aweseome!

It saved me 10 hours this week alone.

I ordered this book a month ago for class. I am now in starting my third week of the class with no book. I have been getting help from my peers who have scanned to me the assigned reading pages. The seller claims that it may be my post office. I've been getting my daily mail, along with packages, regularly though. So where is my package!!! I've emailed the seller several times asking where is my package. I wouldn't have to ask if I was given a tracking #, but the seller said he didn't have one.