Customer Reviews

Information Security Policy Manual (With CD-ROM)

5 star:		(1)
4 star:		(2)
3 star:		(0)
2 star:		(0)
1 star:		(2)

 

 

This book is probably the most valuable resource in my professional library. My only regret is that I did not have it a year ago because it could have saved a substantial amount of money on two consulting assignments. The first assignment was developing policies, processes and procedures for managing a CLEC's (competitive local exchange carrier) data center facilities. Much of my research was focused on a number of topics in this book. I could have literally shaved 80 hours off of the research and policy development tasks had this book been available. The value? Based on my hourly billing rate to the client, which is a multiple of the price of this book, the savings would have been significant. The second assignment was developing recovery processes for a national wireless carrier. In this case I could have saved over 200 hours of research and writing had this book been handy.

Some of the policies in this book are somewhat out of date, such as system sign-on screens and printing and distribution of reports. While we still sign onto systems these days, the policy for that area seems more applicable to terminals. And while there is still a lot of printing done in this so-called paperless world, it is done on an ad hoc basis and not centrally managed. On the other hand, a simple rewrite aligns even the most archaic policy statements into ones that will meet modern needs.

Among the best policy statements in this book (and on accompanying CD ROM, which saves even more time) are: application ownership (this can also be linked to service level agreements), computer room access (too often overlooked by security staff trying to shore up their Internet exposures), off site storage (when was the last time you saw a formal policy on that?), data ownership, and record retention/disposal (this is one that will send you on a frantic search through legal databases). Each of these policy statements are well thought out and clearly written.

I personally think that, page for page, this book is one of the best values you will find if you need to develop an internal corporate security policy, or you are a consultant doing this for a living. The fact that it also comes with a CD ROM and documents in electronic format makes this an even better value. I strongly recommend it and will never be without it.

Finally a book that delivers exactly what it promises. To put together the initial set of policies for management consideration, I was able to just modify the sample policies to fit our organization. Really a major time saver.

Would be better if they were updated to more accurately address server farms but these changes can be made quickly.

Great source for IT Security Policies! Walks you through the basic steps of developing specific policies. Perfect for small and medium size businesses and a good stepping stone and guide for larger businesses.

I ordered this "book" with CD based on the previous reviews. I received my shipment today with no book and just a CD in the box!
The policies on the CD were of similar quality to those freely available in the web.
Do not waste your money there are plenty of good policy resources out there and this is not one of them!

You're better off just pocketing it and telling your boss you
bought something. You could make up a policy from scratch,
with just 1 hour of Internet research, that would be as good
as what this book offers.

It's not that what it has is bad. It's just missing far too
much. There are no guidelines on how to generate a useful policy,
just a sample policy where you fill in some blanks.
It's ok if you want to just have a policy for the sake of
having one, but why spend one hundred for that?

I think it does give you one idea of what a policy might look
like, but I wouldn't pay money for it.