Information Security Policies, Procedures, and Standards: A Practitioner's Reference

In this work, Mr. Landoll, has created a true reference for all of us who wrestle with the task of incorporating meaningful Standards into the Policies and Procedures.What are necessary to create the framework to enable an organization to truly begin to protect itself and its assets from both "Cyber" and other threats (Including national disasters) to build a truly resilient organization. Its a tool that I use often, and look forward to future updates.

No one likes reading a book on policy development, but another great book by DOUGLAS J. LANDOLL. He provides the information needed to develop or improve an informatin security policy program. The key especially to the federal practitioner is the association between the RMF controls adn policy development. The Security Ploicy Framework is usable across all security architectures/frames ISO27001, COBIT. Good book

This is an excellent guide and reference when developing security policies for your organization, the author is an expert in the matter and prepared a very valuable material to help you in this journey.

The information as it relates to policies is pretty great. Would be 5 stars but the sections on standards and procedures is very light and doesn't provide any practical examples.

Recommended for anyone who works in the field of information security

ok

I downloaded the sample of this book some days ago and finally decided to procure the book. From what I read so far I very much like the content and would happily give it 4 or 5 stars. But, what I didn't see in the sample and only realised in the final when downloading the full book, are a number of formatting issues. There are many pages in the book that break paragraphs into multiple pages, resulting in a book that is much harder to read. I tested this on my Kindle paper white and the Kindle app on iPad and got similar results. I assume that these issues don't exist in the printed version, but since I don't have one I can't comment on it.

Security policies are like fiber (the kind you eat, not the telco type). Everyone agrees they are important, but often don’t want to deal with it. Most organizations eventually realize there comes a time that they are forced to tame the beast known as information security policies. They are often forced into this when it they get requests for a 3rd-party audit, PCI DSS compliance, visit from the FTC, and the like. With that, information security policies are an important part (but contrary to popular belief, not the only part) of a comprehensive security program.In Information Security Policies, Procedures, and Standards: A Practitioner's Reference, author Douglas Landoll has written a helpful resource for those looking to tame the security policy beast as they embark on their journey towards creating (or updating) security policies.Google information security policy and you’ll get tens of millions of hits. While there’s no shortage of publically available policies, the key (and challenge) is to craft and customize polices to ensure they work for the specific organization they are to protect.While the second half of the book does have such polices that the author created for the State of Arizona, the real value is in the first half where he shows what it takes to create a set of effective security policies.The cutting and pasting of public policies is bound to fail, to which the book shows how to develop security policies using a consistent set of terminology and methods, in addition to a common policy format and structure.For anyone on their first rodeo of information security policy creation, or looking to improve their existing policy set, Information Security Policies, Procedures, and Standards: A Practitioner's Reference is a worthwhile reference.