information security policies & procedures - a practitioner's reference, 2nd ed.


Document information

[...] third parties to comply with organizational policies, procedures, and standards. This policy is probably one of the most important for information security and other organization policies and standards. We can only write policies and establish standards and procedures for employees; all other third parties must be handled contractually. It is very important that the contract language reference any policies, ...

... Auditing. Auditing assesses the adequacy of and compliance with management, operating, and financial controls, as well as the administrative and operational effectiveness of organizational units. Information Security. Information Security (IS) is to direct and support the company and affiliated organizations in the protection of their information assets from intentional or unintentional disclosure, modification, ...

... LEGAL REQUIREMENTS. In addition to the national and international standards and laws we have been discussing, there are other requirements that make policies, standards, and procedures a necessity (see Figure 3). Management must demonstrate that a standard of care exists within the enterprise and in the manner in which it conducts its affairs. This standard of care requires that management employ a watchful, ...

... discussed can be used throughout the enterprise. We concentrate on information security needs, but we always keep the organization objectives at the forefront. Part 1 Information Security Policies and Procedures. Years ago, I saw a cartoon in a magazine that showed a huge construction project in downtown Manhattan. There was this massive hole and the crews were busy excavating even deeper; there was a great deal ...

... computer and information security issues, including developing policies and procedures, disaster recovery planning, copyright compliance, virus management, and security controls. He has had four books published: Policies, Standards, Guidelines and Procedures: Information Security Risk Analysis; Information System Security Policies and Procedures: A Practitioners' Reference; The Complete Manual of Policies and ...

... running of an organization. We examine how policies support management's directions. Standards and procedures are the elements that implement the management policies. It is easy now to run out to the Internet and pull down some organizations' policies and the like. However, this book cautions against this approach. We examine how best to use available examples of policies, standards, and procedures. We also put ...

... organization needs to address at least 12 enterprisewide (Tier 1) policies. We examine each of these policies and then map information security requirements into each one. We also discuss the need for topic-specific (Tier 2) policies and application-specific (Tier 3) policies and how they map with standards and procedures. Although this text is identified as information security policies, standards, and procedures, ...

... organization are very small. In Chapter 2 we discuss handling the writing task as a project. Notes: 1. Examples of Tier 1 policies and a Nondisclosure Agreement can be found in the appendices. 2. Required in ISO 17799, BS 7799, and Gramm-Leach-Bliley. 3. Required in Gramm-Leach-Bliley. 4. Required in ISO 17799, BS 7799, and Gramm-Leach-Bliley. 5. Required in Gramm-Leach-Bliley. Chapter 2 Why Manage This Process as ...

... view that the overall objective of an information security program is to protect the integrity, confidentiality, and availability of that information. Although this is true from a security perspective, it is not the organization objective. Information is an asset and is the property of the organization. As it is an asset, management is expected to ensure that appropriate levels of control are in place to ...

... enterprise. An information security program that includes policies, standards, and procedures will allow management to demonstrate a standard of care. As information security professionals, it is our responsibility to implement policies that reflect the business and mission needs of the enterprise. This chapter examines the reasons why information security policies are needed and how they fit into all elements

Posted: 25/03/2014, 11:45

Table of Contents

  • Half-Title

  • Title

  • Copyright

  • Dedication

  • Contents

  • Acknowledgments

  • About the Author

  • Introduction

  • Part 1 Information Security Policies and Procedures

  • Chapter 1 Introduction

  • Chapter 2 Why Manage This Process as a Project?

  • Chapter 3 Planning and Preparation

  • Chapter 4 Developing Policies

  • Chapter 5 Asset Classification Policy

  • Chapter 6 Developing Standards

  • Chapter 7 Developing Procedures

  • Chapter 8 Creating a Table of Contents

  • Chapter 9 Understanding How to Sell Policies, Standards, and Procedures

  • Appendix 1A Typical Tier 1 Policies

  • Appendix 1B Typical Tier 2 Policies
