Information Security Policies, Procedures, and Standards and over 360,000 other books are available for Amazon Kindle � Amazon�s new wireless reading device. Learn more

Quantity:

Express Checkout with PayPhrase

What's this? | Create PayPhrase

More Buying Choices

23 used & new from $38.25

Have one to sell? Sell yours here

Share with Friends

Share your own customer images

Search inside this book

Start reading Information Security Policies, Procedures, and Standards on your Kindle in under a minute. Don�t have a Kindle? Get your Kindle here.

Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management (Paperback)

~ (Author) "The purpose of information protection is to protect the valuable resources of an organization, such as information, hardware, and software..." (more)
Key Phrases: automated systems that process, software usage guidelines, information classification policy, Sprocket Inc, United States, Vice President (more...)

4.2 out of 5 stars See all reviews (5 customer reviews)

List Price:	$83.95
Price:	$75.35 & this item ships for FREE with Super Saver Shipping. Details
You Save:	$8.60 (10%)
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Only 2 left in stock--order soon (more on the way).

Want it delivered Thursday, December 3? Choose One-Day Shipping at checkout. Details

Ordering for Christmas? To ensure delivery by December 24, choose FREE Super Saver Shipping at checkout. Read more about holiday shipping.

10 new from $55.20 13 used from $38.25

Formats		Amazon Price	New from	Used from
Kindle Edition $55.96 Available for download now. Published December 20, 2001	Kindle Edition, December 20, 2001	$55.96	--	--
Paperback $75.35 In Stock. Published December 19, 2001	Paperback, December 19, 2001	$75.35	$55.20	$38.25

Frequently Bought Together

Price For All Three: $177.80

Show availability and shipping details

This item: Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management by Thomas R. Peltier
In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details
Writing Information Security Policies by Scott Barman
In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition by Thomas R. Peltier
In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details

Customers Who Bought This Item Also Bought

Writing Information Security Policies

by Scott Barman

4.5 out of 5 stars (11) $27.29

Information Security Policies and Procedures: A Practitioner's Reference, Second Edition

by Thomas R. Peltier

4.2 out of 5 stars (6) $75.16

IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002

by Alan Calder

5.0 out of 5 stars (1) $60.75

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

by Douglas J. Landoll

5.0 out of 5 stars (4) $56.66

Security Metrics: Replacing Fear, Uncertainty, and Doubt

by Andrew Jaquith

4.6 out of 5 stars (20) $34.64

› Explore similar items

Editorial Reviews

Product Description

By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799.Peltier provides you with the tools you need to develop policies, procedures, and standards. He demonstrates the importance of a clear, concise, and well-written security program. His examination of recommended industry best practices illustrates how they can be customized to fit any organization's needs. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management helps you create and implement information security procedures that will improve every aspect of your enterprise's activities.

Product Details

Paperback: 312 pages
Publisher: AUERBACH; 1 edition (December 20, 2001)
Language: English
ISBN-10: 0849311373
ISBN-13: 978-0849311376
Product Dimensions: 9.8 x 7 x 0.9 inches
Shipping Weight: 1.4 pounds (View shipping rates and policies)

Average Customer Review: 4.2 out of 5 stars See all reviews (5 customer reviews)

Amazon.com Sales Rank: #685,219 in Books (See Bestsellers in Books)

Would you like to update product info or give feedback on images?

More About the Author

Discover books, learn about writers, read author blogs, and more.

› Visit Amazon's Thomas R. Peltier Page

Inside This Book (learn more)

First Sentence:
The purpose of information protection is to protect the valuable resources of an organization, such as information, hardware, and software. Read the first page

Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
automated systems that process, software usage guidelines, information classification policy, information protection problems, authorized company channels, information protection policy, questionnaire score ranges, unattended access, information protection program, resolution urgency, information protection policies, data protection mechanisms, company information assets, information security program, information from unauthorized access, conducting company business, information security policies, physical property relevant, information security policy, security awareness program, audit comments, business impact analysis, audit trail data, network security policy, contract personnel

Key Phrases - Capitalized Phrases (CAPs): (learn more)
Sprocket Inc, United States, Vice President, Conduct Project Status Assessment, Computer-Based Access, Example of Narrative Style, General Auditor, Security Dynamics, Configuration Data Examples, Controls Found, Example of Tree Style, Information Handling Procedures Matrix, Policy Baseline Checklist, Unstructured Data Examples

New!
Books on Related Topics | Concordance | Text Stats

Citations (learn more)

This book cites 30 books:

Financial Services (Aspects of Britain) by HMSO Books in Front Matter
New Directions in Project Management (Best Practices) by Paul C. Tinnirello in Front Matter
Securing and Controlling Cisco Routers by Peter T. Davis in Front Matter
Computer Telephony Integration, Second Edition by William A. Yarberry Jr. in Front Matter
Business Systems (International Diploma in Computer Studies) by Dorothy J. Tudor in Front Matter

See all 30 books this book cites

78 books cite this book:

Trust in the Network Economy (Evolaris) (English and German Edition) (v. 2) by Otto Petrovic on page 24, and page 49
The Practical Guide to HIPAA Privacy and Security Compliance by Kevin Beaver in Front Matter, and page 385
Official (ISC)2� Guide to the CISSP�-ISSEP� CBK� by Susan Hansche CISSP in Front Matter
Public Key Infrastructure: Building Trusted Applications and Web Services by John R. Vacca in Front Matter
Investigator's Guide to Steganography by Gregory Kipper in Front Matter

See all 78 books citing this book

Books on Related Topics (learn more)

Official by Susan Hansche

Discusses:

The Art of Deception by Kevin D. Mitnick

Discusses:

Information Security Management Handbook, Fifth Edition by Harold F. Tipton

Discusses:

Information Security Policies and Procedures by Thomas R. Peltier

Discusses:

What Do Customers Ultimately Buy After Viewing This Item?

	58% buy the item featured on this page: Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management 4.2 out of 5 stars (5) $75.35
	19% buy Writing Information Security Policies 4.5 out of 5 stars (11) $27.29
	9% buy Information Security Policies and Procedures: A Practitioner's Reference, Second Edition 4.2 out of 5 stars (6) $75.16
	8% buy Security Metrics: Replacing Fear, Uncertainty, and Doubt 4.6 out of 5 stars (20) $34.64

Explore similar items

Suggested Tags from Similar Products

(What's this?)

Be the first one to add a relevant tag (keyword that's strongly related to this product).

security metrics(15)

security(13)

information security(11)

cissp(10)

risk management(8)

isc2(6)

information seurity(4)

andrew jaquith(3)

risk assessment(3)

network security(3)

Customer Reviews

5 Reviews

5 star:		(2)
4 star:		(2)
3 star:		(1)
2 star:		(0)
1 star:		(0)

Average Customer Review

4.2 out of 5 stars (5 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

31 of 32 people found the following review helpful:

4.0 out of 5 stars Good book for Infosec Management, April 10, 2002

By	Nasir Farhat Khan (Karachi, Pakistan) - See all my reviews

If you want to find out the relation between Policies, Procedures and Standards buy this book. Although the flow of text is somewhat discontinuous but the author clearly explains the underlying concepts. The examples are very illustrative and have a real world feel. The author has been on the frontlines (clearly evident throughout the text) and this distinguishes the book from rest in the pack. Very few books talk about ISO 17799 and BS7799 in detail. This book goes beyond just reproducing the standard and explains the positioning of such guidelines. The tables and checklists found in the appendices alone are worth many times the cost of the book.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

12 of 12 people found the following review helpful:

3.0 out of 5 stars Good, but should have been edited, February 23, 2005

By	G. Haygood Jr. (Atlanta, GA) - See all my reviews (REAL NAME)

I just started developing InfoSec policies for my company, and was having a hard time getting started. The Web is filled with sample documents and articles for specific documents, but I needed a resource that assumed I was starting from scratch and would help me build up a good library of content to satisfy our auditors.

So I was a little excited to stumble across this book. It lays a good foundation for what's needed in a security policy library, and steps through the development of the major document types: policies, procedures, standards, and guidelines. It's filled with lots of samples, checklists, templates, and other starting points for everything I was looking for.

One glaring problem, though, which by itself drops the rating 1-2 stars: there is an embarrasingly high number of grammar, syntax, and occassionally even semantic, mistakes. Even though these kind of problems are one of my biggest pet peeves, I might overlook them ... except the author makes multiple statements about proofreading your work before submitting to management!! It seems pretty clear that the book was rushed to publication without a serious round of review (I wonder if I put more editorial time into this review than they did into the book...). Even though the book was written for techno-types, there is no excuse for such egregious errors.

Overall, though, this is a decent resource to help with infosec policy development. Just make sure it's not the only book you use. If they would issue an update, this would become a valuable addition to your library. However, the edition I purchased in Feb 2005 was released in 2002, so I wouldn't expect any updates soon.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

6 of 6 people found the following review helpful:

4.0 out of 5 stars Excellent practical guidebook, June 19, 2004

By	Dr. G. Hinson "NoticeBored.com" (New Zealand) - See all my reviews (REAL NAME)

This is the best book I've seen (so far!) about writing infosec policies and associated materials. Tom Peltier refers directly to the ISO 17799 structure and gives helpful advice on what to include under the ten sections. More than that, he guides the reader through the *process* of writing and implementing policies, even including a brief chapter on my own specialism, security awareness, and suggestions on writing style.

My main quibble with the book is its inconsistency in the level of detail e.g. 41 of the 191 main text pages are devoted to information classification. There are perhaps too many lists and tables for my liking, but these may be useful as reminders of things to include.

Overall, the book is helpful if you are about to write infosec policies and want to avoid some of the more common pitfalls.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

Share your thoughts with other customers: Create your own review

› See all 5 customer reviews...

Most Recent Customer Reviews

5.0 out of 5 stars This book is truly a treasure of knowledge.
Information security policies and all of in this book. This is a great advice for business to start, continue, follow on their journey. Read more

Published on November 18, 2006

5.0 out of 5 stars Really good
Really good for anyone doing infosec policy dev.

this will save you a ton of time.

Published on November 24, 2004 by Eric Kent

› See all 5 customer reviews...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }