Amazon.com: Information Security Roles & Responsibilities Made Easy, Version 2 (9781881585121): Charles Cresson Wood: Books

Information Security Roles & Responsibilities Made Easy, Version 2 [Hardcover]

Charles Cresson Wood (Author)
4.7 out of 5 stars  See all reviews (3 customer reviews)

Price: $495.00 & this item ships for FREE with Super Saver Shipping. Details


Book Description

Published June 1, 2005. ISBN-10: 1881585123; ISBN-13: 978-1881585121.
Information Security Roles and Responsibilities Made Easy, Version 2 is the new and updated version of the best-selling security resource by Charles Cresson Wood, CISSP, CISA, CISM. ISR&R V2 is based on Mr. Wood's 20 years of consulting and security experience and contains these features to help you save money while establishing a due-care information security organization:

1. Over 70 pre-written, time-saving information security documents, including:
  • 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
  • Over 40 information-security-related job descriptions.
  • 12 separate information security organization structures, with discussion of the pros and cons of each.
  • Specification and discussion of 29 critical information security documents that every organization should have.

2. Justification to help increase management's awareness and funding of information security, including:
  • How to persuade management to properly document information security roles and responsibilities, including an easily customized sample management memorandum.
  • Reducing the total cost of information security services through properly documented roles and responsibilities.
  • Discussion of responsibility and liability as they relate to documented information security roles, including citations supporting the legal notion of the standard of due care.
  • Information security staffing data and analysis to help gain management support for additional resources.
  • Common mistakes many organizations make and how to avoid them.

3. Specific advice on how to plan, document and execute an information security infrastructure project, including:
  • How to properly review and update information security roles and responsibilities, including department interview techniques.
  • How to schedule project resources and timelines for documenting roles and responsibilities.
  • Detailed discussion of the Data Owner, Custodian and User roles.
  • Actions you should take to reduce your organization's exposure to workers in information-security-related positions of trust.
  • The synergy between role-based access control (RBAC) and clarification of information security roles and responsibilities.

4. Practical advice on how to maintain security when dealing with third parties, including:
  • Pros and cons of outsourcing security functions, including validation and security when outsourcing.
  • The security roles and responsibilities of software and hardware vendors.
  • Decision-making criteria for releasing or withholding roles and responsibilities documentation to or from various external parties.

5. Valuable staffing advice and descriptions for information security professionals, including:
  • Characteristics of effective information security professionals, including discussion of the pros and cons of hiring hackers and others who have been on the wrong side of the law.
  • Specific performance criteria for individuals and teams.
  • An expanded list of new information professional certifications, with web sites, phone numbers, and addresses for each.

Information Security Roles and Responsibilities Made Easy, Version 2.0 contains easily customized documents in MS-Word format. All contents come on a fully indexed and searchable CD-ROM with linked cross-references. All contents © 2005, Information Shield, Inc. – All Rights Reserved.


Editorial Reviews

About the Author

Charles Cresson Wood, CISA, CISSP is an author and independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at Bank of America. He has done information security work with over 120 organizations, many of them Fortune 500 companies, including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world. He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents. He has published over 225 technical articles and five books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe. Mr. Wood is Senior North American Editor for the journals "Computers & Security" and "Computer Fraud & Security Bulletin", as well as a monthly columnist for "Computer Security Alert".
He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."

Product Details

  • Hardcover: 288 pages
  • Publisher: Information Shield (June 1, 2005)
  • ISBN-10: 1881585123
  • ISBN-13: 978-1881585121
  • Product Dimensions: 11.3 x 8.5 x 0.8 inches
  • Shipping Weight: 2.1 pounds
  • Average Customer Review: 4.7 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #2,362,652 in Books

More About the Author

Recipient of Computer Security Institute's Lifetime Achievement Award.

Charles Cresson Wood, CISSP, CISM, CISA is an author and independent information security consultant based in Mendocino, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at Bank of America. He has done information security work with over 120 organizations, many of them Fortune 500 companies, including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world.

He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents.

He has published over 300 technical articles and five books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe.

Mr. Wood is Senior North American Editor for the journals "Computers & Security" and "Computer Fraud & Security Bulletin", as well as a monthly columnist for "Computer Security Alert". He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."

Here is a sampling of the over 335 security-related articles by Charles Cresson Wood:

"Researchers Must Disclose All Sponsors And Potential Conflicts," Computer Security Alert, No. 197, March 2000; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 220]

"Integrated Approach Includes Information Security," Security, pp. 43-44, February 2000; Publisher: Cahners, Des Plains, IL. [pub. no. 219]

"Get Data Safety Policies In Place," American Banker, 11 February 2000, p. 7; Publisher: American Banker, New York, NY. [pub. no. 218]

"All Internet Personal Data Gathering Techniques Must Be Disclosed," Computer Security Alert, No. 196, February 2000; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 217]

"The Information Security Profession: Evolutionary Career Paths," Information Security, November 1999; Publisher: published by ICSA.net, Norwood, MA. [pub. no. 214]

"Disclosures Of Private Information Without Data Subject Consent," Computer Security Alert, No. 193, November 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 212]

"Termination Of Outsourcing Contracts For Security Violations," Computer Security Alert, No. 191, September 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 210]

"Top Ten Impediments To Implementing An Information Security Policy," Information Security, September 1999, Publisher: Information Security, Norwood, MA (cover story). [pub. no. 209]

"A Functional Comparison Of Tandem Data Replication Software Packages," an extensive independent report prepared for customers and prospects, August 1999; Publisher: Compaq Corporation, Cupertino, CA. [pub. no. 207]

"Subjects Given Opportunity To Block Private Information Disclosures," Computer Security Alert, No. 189, June 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 205]

"Use Of Personal Digital Assistants, Hand-Held Computers, And Smart Phones For Corporate Business Information," Computer Security Alert, No. 186, March 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 202]

"All Systems Access Privileges Cease When Workers Terminate," Computer Security Alert, No. 185, February 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 202]

"Non-Compliance And Disciplinary Action," Computer Security Alert, No. 182, November 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 198]

"Convenience Versus Multi-Factor User Authentication," Computer Security Alert, No. 181, October 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 196]

"Twelve New Vulnerabilities Introduced by Internet Commerce," Information Security Bulletin, September 1998 (volume 3, issue 6, cover story), Publisher: Chi Publishing Ltd., London, England. [pub. no. 195]

"All Telephone Transactions Require Positive Caller Identification," Computer Security Alert, No. 179, August 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 193]

"The Truth About Masquerading and Spoofing," Network Magazine, February 1998; Publisher: Miller Freeman, San Francisco, CA. [pub. no. 183]

"Unauthorized Information Disclosure and Loss of Stock Options," Computer Security Alert, No. 173, December 1997; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 185]

"Managing Perceptions About Internet Electronic Commerce Security," Computer Security, Audit & Control, February 1997; Publisher: Management Advisory Services Publications, Wellesley Hills, MA. [pub. no. 165]

"Information Security: Are We Winning the Game?" Computer Fraud & Security Bulletin, January 1997; Publisher: Elsevier Science Technology, Oxford, England. [pub. no. 162]

"Encryption for Files Left on Anonymous FTP Servers," Computer Security Alert, No. 163, October 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 159]

"Encryption Systems Must Include Key Escrow," Computer Security Alert, No. 157, April 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 152]

"Cryptography Plays Central Role in Future Electronic Commerce," March 1996, pp. 9-10, Computer Fraud & Security Bulletin; Publisher: Elsevier Science Technology, Oxford, England. [pub. no. 151]

"Users Must Not Attempt to Eradicate Viruses," Computer Security Alert, No. 156, March 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 150]

"EDP Audit Must Be Independent of Information Security," Computer Security Alert, No. 155, February 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 147]

"Reliance on Information Downloaded From Internet," Computer Security Alert, No. 153, December 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 145]

"When to Report Computer Crimes to Law Enforcement," Computer Security Alert, No. 151, October 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 141]

"New Intellectual Property and the Need for Information Security," Computer Fraud & Security Bulletin, September 1995, pp. 18-19; Publisher: Elsevier Science Ltd., Oxford, England. [pub. no. 139]

"Require Approval for Official Statements Posted to the Internet," Computer Security Alert, No. 149, August 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 136]

"Internet Anarchy and the Effectiveness of Laws," Computerworld, 12 June 1995. Expanded version also appears as "Need for Worldwide Internet Laws," in Computer Fraud & Security Bulletin, p.10, July 1995, Elsevier Science Publishers, Oxford, England. [pub. no. 133]

"ISO 9000 and Information Security," Computers & Security, vol. 14, no. 4, pp. 287-288, October 1995; Publisher: Elsevier Science Publishers, Oxford, England (co-author Karen Snow). [pub. no. 131]

"Why SATAN Should Not Have Been Distributed As It Was," Computer Security Alert, No. 146, May 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 128]

"Destroy Archived Electronic Mail Periodically," Computer Security Alert, No. 142, January 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 124]

"Wireless Network Security," Proceedings of Wireless Datacom '94 Conference held in Washington, DC, 6-8 December 1994; Publisher: Business Communications Review, Hinsdale, IL. [pub. no. 122]

"Fifty Ways to Secure Dial-Up Communications," Computers & Security, May 1994, vol. 13, no. 3, pp. 209-215; Publisher: Elsevier Advanced Technology, Oxford, England. [pub. no. 118]

"Identity Token Usage at American Commercial Banks," Computer Fraud & Security Bulletin, March 1995, pp. 14-16; Publisher: Elsevier Science Publishers, Oxford, England. [pub. no. 114]

"Security Problems in Collaborative Computing," Network World, October 1994; Publisher: International Data Group, Framingham, MA. [pub. no. 113]

"The Newest Threat to Information Security: Open Book Management," EDPACS, August 1994; Publisher: Warren Gorham Lamont, Boston, MA. [pub. no. 110]

"Principles of Secure Information Systems Design with Groupware Examples," Proceedings of the Groupware '92 Conference, held in San Jose, California, 3-5 August 1992; Publisher: Morgan Kaufmann Publishers, San Mateo, CA. [pub. no. 75]

"A Strategy for Developing Information Security Documents," Journal of Information Systems Security, vol. 1, issue 2, Summer 1992, pp. 71-78; Publisher: Auerbach Publishers, New York, NY (co-author: Juhani Saari). [pub. no. 68]

"Using Information Security to Achieve Competitive Advantage," Proceedings of the 18th Annual CSI Conference, Miami, Florida, November 11-15, 1991; Publisher: Computer Security Institute, San Francisco, California. [pub. no. 58]

"Data Dictionaries and Information Security," Proceedings of SECURICOM '84 International Conference, Cannes, France, 29 February - 2 March 1984, pp. 55-63; Publisher: SEDEP, Paris, France. [pub. no. 24]

"International Barriers to Information Flows," SRI International Business Intelligence Report, Report #1057, March 1981; Publisher: SRI International, Menlo Park, CA. [pub. no. 10]

"Computer Crime: Criminal Justice Resource Manual," with Parker, Donn B., Publisher: U.S. Government Printing Office, Washington, DC; prepared for U.S. Department of Justice; order no. 1979-311-379/1710, 1979. [pub. no. 1]

Books Written by Charles Cresson Wood:

Information Security Policies Made Easy [a book of 1300+ already-written policies provided in both hardcopy and CD-ROM], in its 11th edition, 2010; Publisher: Information Shield, Houston, TX, USA; ISBN# 1-881585-16-9.

Information Security Roles & Responsibilities Made Easy provides practical, step-by-step instructions on how to develop specific information security roles and responsibilities. It includes 40 different job descriptions, 24 organizational mission statements, 15 alternative reporting relationships, and the most comprehensive set of already-written information security roles & responsibilities documents available anywhere. Publisher: NetIQ Corporation, San Jose, USA; ISBN# 1-881585-08-5.

Best Practices in Internet Commerce Security [derived from a survey of Internet merchants, Internet service providers (ISPs), Internet commerce hosting firms, Internet Trusted Third Parties (TTPs), and Internet commerce software vendors], 1998; Publisher: NetIQ Corporation, San Jose, CA, USA; ISBN#1-881585-05-0.

How to Handle Internet Electronic Commerce Security: Risks, Controls & Product Guide [a guide for the design and specification of Internet security measures], released in 1996; Publisher: NetIQ Corporation, San Jose, CA, USA; ISBN#1-881585-03-4.

Effective Information Security Management [a book of tools and techniques for dealing with information security problems], 1991; Publisher: Elsevier Advanced Technology, Oxford, England; ISBN#1-85617-070-5.

Computer Security: A Comprehensive Controls Checklist [a book detailing standard control practices -- particularly useful for audits and reviews], 1987; Publisher: John Wiley & Sons, New York, NY, USA; ISBN# 0-471-84795-X.

Consulting Services Include:
Information systems risk analysis and EDP audits
Enterprise-wide information security policy development
Organizational infrastructure for information security
Customized security solutions for cutting-edge application systems
Security design reviews for Internet commerce merchants and banks
Network security architecture compilation and documentation
Expert witness testimony and strategy for computer crime trials
Training and awareness program development and presentation

As a matter of policy, Mr. Wood does not accept referral fees, marketing finder's fees, sales commissions, or any other financial remuneration for mentioning information security products or services to clients. In this way he can be truly independent and make recommendations that are unquestionably in the best interests of consulting clients.

 

Customer Reviews

3 Reviews
5 star: (2)
4 star: (1)
3 star: (0)
2 star: (0)
1 star: (0)

Average Customer Review: 4.7 out of 5 stars (3 customer reviews)
Most Helpful Customer Reviews

3 of 3 people found the following review helpful:
4.0 out of 5 stars Every IT/IT Security Shop should have one, October 3, 2005
This review is from: Information Security Roles & Responsibilities Made Easy, Version 2 (Hardcover)
This is a difficult book to review because it is meant to be a resource, not something you read on an airplane. I have passed this around to some of my students and fellow SANS instructors and tried to get some of their feedback as well.

The greatest contribution this book makes is a discussion of organization structure, who should report to whom and why. This is something that has been desperately needed in the industry, and if this book is successful in the marketplace, I would like to see some additional research and have this already excellent resource expanded.

The job descriptions are also wonderful; we have many names for the same position, and I would hope that over time this book can help us develop a common terminology.

Who needs this book? It is designed to be licensed to organizations and as a rough rule of thumb, any organization with an IT department of 25 people or more could benefit from this book.


1 of 1 people found the following review helpful:
5.0 out of 5 stars Great reference book, August 21, 2006
This review is from: Information Security Roles & Responsibilities Made Easy, Version 2 (Hardcover)
We had to create a security organization for a financial institution and, as a part of the job, we had to define the roles and responsibilities. This book was extremely useful for me.


1 of 1 people found the following review helpful:
5.0 out of 5 stars Excellent book; completely Hands-On, March 17, 2006
This review is from: Information Security Roles & Responsibilities Made Easy, Version 2 (Hardcover)
I am the CISO of a regional Latin American bank, and I used this book almost immediately to define a project for defining information security roles in my organization. Even though some of the roles have to be changed due to the nature of the organization and the internal politics that are at stake, I consider this book almost a "best practice" for information security. It helps you implement an information security infrastructure and show its importance to top management. Now my organization is paying more attention to InfoSec, and the roles of the people are clearer in respect to InfoSec.
Inside This Book
First Sentence:
The total cost of ownership (TCO) models developed by a variety of industry analysts such as the Gartner Group indicate that labor represents anywhere from two-thirds to three-quarters of the on-going cost associated with information technology.
Key Phrases - Capitalized Phrases (CAPs):
Responsibilities Made Easy, Information Technology Department, Human Resources Department, Physical Security Department, Internal Audit Department, Systems Administrators, Legal Department, Chief Information Officer, Board of Directors, Audit Committee, Chief Executive Officer, Computer Operations Manager, Access Control System Administrator, Internal Intellectual Property Attorney, Risk Management Department, Finance Department, Chief Financial Officer, Chief Security Officer, In-House Trainer, Network Administrators, Information Systems Auditor, Information Systems Contingency Planner, Database Administrator, Ethics Officer, Discussion Of Reasons