1 used from $499.95

Have one to sell? Sell yours here

Tell the Publisher! I�d like to read this book on Kindle Don�t have a Kindle? Get your Kindle here.

Information Security Policies Made Easy Version 9 (Hardcover)

~ Charles Cresson Wood (Author) "Information security policies are a special type of documented business rule..." (more)
Key Phrases: information security management committee, policy informs workers, vulnerability identification software, Four-Category Data Classification, All Commentary, Five-Category Application Criticality Classification Scheme (more...)

5.0 out of 5 stars See all reviews (3 customer reviews)

Available from these sellers.

1 used from $499.95

Special Offers and Product Promotions

Earn 5% CashBack with PayPhrase. Use PayPhrase for express checkout and earn up to $250 CashBack. Get started by choosing your PayPhrase. Limited time offer, restrictions apply. Learn more.

Editorial Reviews

Review

"Complete kit of proven best practices that any organization can use and customize to make policies meeting their exact needs." -- Jay Heiser, Columnist, "Information Security" magazine , September 2002

"The gold standard Policy reference for any serious security practitioner to have in their arsenal of tools, a must have!" -- John B. Kramer, CISSP, CISA, Information Security Manager – UPMCHS, September, 2002

"Version 9 is a significant advance from previous versions making it a necessary part of every information security practitioner’s library" -- Donn B. Parker, CISSP, September, 2002

About the Author

Charles Cresson Wood is an author and independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at the Bank of America. He has done information security work with over 120 organizations -- many of them Fortune 500 companies -- including a large number of financial institutions and high-tech companies.

He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents.

Product Details

Hardcover: 727 pages
Publisher: PentaSafe Security Technologies (September 30, 2002)
Language: English
ISBN-10: 1881585093
ISBN-13: 978-1881585091
Product Dimensions: 11.3 x 8.7 x 1.8 inches
Shipping Weight: 4.2 pounds

Average Customer Review: 5.0 out of 5 stars See all reviews (3 customer reviews)

Amazon.com Sales Rank: #1,970,325 in Books (See Bestsellers in Books)

Would you like to update product info or give feedback on images?

Inside This Book (learn more)

First Sentence:
Information security policies are a special type of documented business rule. Read the first page

Key Phrases - Capitalized Phrases (CAPs): (learn more)
Four-Category Data Classification, All Commentary, Five-Category Application Criticality Classification Scheme, Faxing Sensitive Information, Violation And Problem Reporting, Security Policies Made Easy, Electronic Mail Message Monitoring, Access Control Policy, Asset Inventory, Incident Reporting, Malfunctioning Access Control, External Violation Reporting, Message Disclaimer, Terms And Conditions Of Employment, Computer Crime Or Abuse Evidence, Electronic Mail Message Handling, Information System Control Reviews, Operating System User Authentication, Physical Access Of Terminated Workers, Presentation Of Public Image, Publicly Available Systems, Requests For Organization Information, Business Source Document Retention, Computer Disaster Recovery Plans, Control Implementations Standard

New!
Books on Related Topics | Concordance | Text Stats

Citations (learn more)

This book cites 3 books:

Information Security Policies Made Easy (Version #7) by Cresson Wood Wood on 6 pages
Best Practices In Internet Commerce Security by Charles Cresson Wood in Back Matter
Law of Electronic Commerce by Benjamin Wright in Back Matter

1 book cites this book:

The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer on page 107

Books on Related Topics (learn more)

Information Security Policies Made Easy, Version 10 by Charles Cresson Wood

Discusses:

Information Security Roles & Responsibilities Made Easy, Version 2 by Charles Cresson Wood

Discusses:

What Do Customers Ultimately Buy After Viewing This Item?

	65% buy Information Security Policies Made Easy, Version 10 4.8 out of 5 stars (4)
	35% buy Writing Information Security Policies 4.5 out of 5 stars (11) $27.29

Explore similar items

Tag this product

(What's this?)

Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items.

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Customer Reviews

3 Reviews

5 star:		(3)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

Average Customer Review

5.0 out of 5 stars (3 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

9 of 9 people found the following review helpful:

5.0 out of 5 stars Comprehensive, June 25, 2003

By	Stephen Northcutt (Kauai, HI USA) - See all my reviews (REAL NAME)

I keep books in two places, a small shelf near my computer that I can reach and a large bookshelf across the room. This book deserves a place on the small shelf within arm's reach.

If you are a manager, before you ever make a decision, or approve a policy, look the topic up, there is a good chance you will see something you didn't think of.

Let me give you an example, our company used to have a fairly long Non-Diclosure Agreement (NDA) prepared by our attorney for a specific purpose. However, we decided to create a simpler, general purpose NDA for all 1099 contractors. The lawyer created it and before I approved it I checked it against the book. I found three items that really should have been in our NDA that we would have missed, thank you Mr. Wood!

If you are a techie do you need this book? Sure, because everything we do as a techie or engineer has liability implications for the company. Each topic is very clear, concise, and well thought out. It takes a few seconds to look it up, about two minutes to read the section and that investment is well worth your time.

Yes, this is an expensive book, however, it is worth the investment, every organization should have at least one copy. S.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

8 of 8 people found the following review helpful:

5.0 out of 5 stars Dont even think of writing infosec policies w/o this book, April 1, 2003

By	Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews (TOP 1000 REVIEWER) (REAL NAME)

Master plumbers often find that a portion of their business derives from fixing jobs that homeowners thought were simple enough to do themselves. Many business professionals approach information security policies the same way novices approach a leaky pipe. They try to save time and money by doing it themselves; then they are overwhelmed by the unexpected complexity of the task. In the end, they have to call on a professional to repair the damage; ultimately costing them more time and money than if they had gone the professional route at the start.

Those who are serious about information security policy should plumb the depth of wisdom contained in Information Security Policies Made Easy, Version 9. This latest version has updated the text of nearly 1,400 policies, and the policies are organized to track ISO 17799, a broad information-security standard.

This newest version rectifies the only serious shortcoming of versions past: the lack of a cross-referencing tool. Version 9 contains a Web-based CD-ROM that is fully linked and searchable. Other advances include policies addressing new legislation such as the Healthcare Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act. With this update, the flow of information through any company's pipelines is sure to be more secure.

Anyone who is chartered with the creation of a set of a comprehensive set of information security policies and procedures should definitely use Information Security Policies Made Easy. It is the definitive reference and definitely lives up to its billing.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

0 of 1 people found the following review helpful:

5.0 out of 5 stars Purely awesome!, September 11, 2003

By	Eric Kent (USA) - See all my reviews (TOP 1000 REVIEWER)

If you want a great book on policy this is it.

The ultimate in cut and paste.

CC Wood did all the work.

All you have to do is choose, cut, paste and edit.

OK, it is more than that, but this book gets you to third base. It is only a short run to home plate afterwords.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

Share your thoughts with other customers: Create your own review

› See all 3 customer reviews...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }