Information security policies and procedures: a practitioner's reference
Main author: | Peltier, Thomas R. |
---|---|
Format: | Book |
Language: | English |
Published: | Boca Raton [et al.], Auerbach Publ., 2004 |
Edition: | 2. ed. |
Subjects: | Computersicherheit, Datenschutz |
Online access: | Table of contents |
Description: | XXIII, 384 pages, diagrams |
ISBN: | 0849319587 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV023744654 | ||
003 | DE-604 | ||
005 | 20170720 | ||
007 | t | ||
008 | 050601s2004 d||| |||| 00||| eng d | ||
020 | |a 0849319587 |9 0-8493-1958-7 | ||
035 | |a (OCoLC)265488978 | ||
035 | |a (DE-599)BVBBV023744654 | ||
040 | |a DE-604 |b ger | ||
041 | 0 | |a eng | |
049 | |a DE-526 | ||
082 | 0 | |a 005.8 | |
084 | |a ST 276 |0 (DE-625)143642: |2 rvk | ||
100 | 1 | |a Peltier, Thomas R. |e Verfasser |4 aut | |
245 | 1 | 0 | |a Information security policies and procedures |b a practitioner's reference |c Thomas R. Peltier |
250 | |a 2. ed. | ||
264 | 1 | |a Boca Raton [u.a.] |b Auerbach Publ. |c 2004 | |
300 | |a XXIII, 384 S. |b graph. Darst. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Datenschutz |0 (DE-588)4011134-9 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Datenschutz |0 (DE-588)4011134-9 |D s |
689 | 0 | 1 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | |5 DE-604 | |
856 | 4 | |q text/pdf |u http://www.gbv.de/dms/bowker/toc/9780849319587.pdf |3 Inhaltsverzeichnis | |
856 | 4 | 2 | |m HEBIS Datenaustausch Darmstadt |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017293729&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-017293729 |
Record in the search index
_version_ | 1804138794414243840 |
---|---|
adam_text | INFORMATION SECURITY POLICIES AND PROCEDURES A PRACTITIONER'S REFERENCE
SECOND EDITION THOMAS R. PELTIER AUERBACH PUBLICATIONS A CRC PRESS
COMPANY BOCA RATON LONDON NEW YORK WASHINGTON, D.C. CONTENTS
ACKNOWLEDGMENTS XIX ABOUT THE AUTHOR XXI INTRODUCTION XXIII PART 1
INFORMATION SECURITY POLICIES AND PROCEDURES CHAPTER 1 INTRODUCTION 3 1
CORPORATE POLICIES 4 2 ORGANIZATIONWIDE (TIER 1) POLICIES 1 4 3
ORGANIZATIONWIDE POLICY DOCUMENT 8 4 LEGAL REQUIREMENTS 10 5 DUTY OF
LOYALTY 11 6 DUTY OF CARE 11 7 OTHER LAWS AND REGULATIONS 12 7.1 FEDERAL
SENTENCING GUIDELINES FOR CRIMINAL CONVICTIONS 12 7.2 THE ECONOMIC
ESPIONAGE ACT OF 1996 12 8 BUSINESS REQUIREMENTS 13 8.1 THE NEED FOR
CONTROLS 13 8.2 GOOD BUSINESS PRACTICES 13 9 WHERE TO BEGIN? 14 10
SUMMARY 15 CHAPTER 2 WHY MANAGE THIS PROCESS AS A PROJECT? 17 1
INTRODUCTION 17 2 FIRST THINGS FIRST: IDENTIFY THE SPONSOR 18 3 DEFINING
THE SCOPE OF WORK 19 4 TIME MANAGEMENT 21 5 COST MANAGEMENT 25 6
PLANNING FOR QUALITY 26 7 MANAGING HUMAN RESOURCES 27 8 CREATING A
COMMUNICATIONS PLAN 27 8.1 SAMPLE COMMUNICATIONS PLAN DURING DEVELOPMENT
OF P & P 28 8.2 SAMPLE COMMUNICATIONS PLAN AFTER DEPLOYMENT 28 9 SUMMARY
28 CHAPTER 3 PLANNING AND PREPARATION 31 1 INTRODUCTION 31 2 OBJECTIVES OF
POLICIES, STANDARDS, AND PROCEDURES 31 3 EMPLOYEE BENEFITS 33 4
PREPARATION ACTIVITIES 34 5 CORE AND SUPPORT TEAMS 34 6 FOCUS GROUPS 36
7 WHAT TO LOOK FOR IN A GOOD WRITER AND EDITOR 36 8 DEVELOPMENT
RESPONSIBILITIES 37 9 OTHER CONSIDERATIONS 38 10 KEY FACTORS IN
ESTABLISHING THE DEVELOPMENT COST 38 10.1 RESEARCH, COLLECT, AND
ORGANIZE THE INFORMATION 38 10.2 CONDUCT INTERVIEWS 39 10.3 WRITE THE
INITIAL DRAFT AND PREPARE ILLUSTRATIONS 39 10.4 PROOFREAD AND EDIT 40
10.5 CHOOSING THE MEDIUM 40 10.6 MAINTENANCE 40 11 REFERENCE WORKS 41 12
MILESTONES 41 13 RESPONSIBILITIES 43 13.1 CORPORATE RESPONSIBILITIES 43
14 DEVELOPMENT CHECKLIST 43 15 SUMMARY 44 CHAPTER 4 DEVELOPING POLICIES 47 1
POLICY IS THE CORNERSTONE 47 2 WHY IMPLEMENT INFORMATION SECURITY
POLICY? 47 3 SOME MAJOR POINTS FOR ESTABLISHING POLICIES 48 4 WHAT IS A
POLICY? 48 5 DEFINITIONS 49 5.1 POLICY 49 5.2 STANDARDS 49 5.3
PROCEDURES 50 5.4 GUIDELINES 50 6 POLICY KEY ELEMENTS 50 7
POLICY FORMAT 55 7.1 GLOBAL POLICY (TIER 1) 55 7.2 TOPIC-SPECIFIC POLICY
(TIER 2) 64 7.3 APPLICATION-SPECIFIC POLICY (TIER 3) 74 8 ADDITIONAL
HINTS 77 9 PITFALLS TO AVOID 78 10 SUMMARY 79 CHAPTER 5 ASSET
CLASSIFICATION POLICY 81 1 INTRODUCTION 81 2 OVERVIEW 81 3 WHY CLASSIFY
INFORMATION? 82 4 WHAT IS INFORMATION CLASSIFICATION? 83 5 WHERE TO
BEGIN? 84 5.1 INFORMATION CLASSIFICATION CATEGORY EXAMPLES 85 6 RESIST
THE URGE TO ADD CATEGORIES 87 7 WHAT CONSTITUTES CONFIDENTIAL
INFORMATION? 88 8 EMPLOYEE RESPONSIBILITIES 91 8.1 OWNER 91 8.2
CUSTODIAN 93 8.3 USER 94 9 CLASSIFICATION EXAMPLES 95 9.1 EXAMPLE 1 95
9.2 EXAMPLE 2 95 9.3 EXAMPLE 3 97 9.4 EXAMPLE 4 97 10 DECLASSIFICATION
OR RECLASSIFICATION OF INFORMATION 97 11 RECORDS MANAGEMENT POLICY 101
11.1 SAMPLE RECORDS MANAGEMENT POLICY 102 12 INFORMATION HANDLING
STANDARDS MATRIX 102 12.1 PRINTED MATERIAL 102 12.2 ELECTRONICALLY
STORED INFORMATION 102 12.3 ELECTRONICALLY TRANSMITTED INFORMATION 102
12.4 RECORDS MANAGEMENT RETENTION SCHEDULE 102 13 INFORMATION
CLASSIFICATION METHODOLOGY 102 14 AUTHORIZATION FOR ACCESS 108 14.1
OWNERS 108 14.2 CUSTODIANS 109 14.3 USER 111 15 SUMMARY 111 CHAPTER 6
DEVELOPING STANDARDS 113 1 INTRODUCTION 113 2 OVERVIEW 114 3 WHERE DO STANDARDS
BELONG? 114 4 WHAT DOES A STANDARD LOOK LIKE? 116 5 WHERE DO I GET THE
STANDARDS? 118 6 SAMPLE INFORMATION SECURITY MANUAL 118 7 SUMMARY 139
CHAPTER 7 DEVELOPING PROCEDURES 141 1 INTRODUCTION 141 2 OVERVIEW 141 3
IMPORTANT PROCEDURE REQUIREMENTS 142 4 KEY ELEMENTS IN PROCEDURE WRITING
146 5 PROCEDURE CHECKLIST 146 6 GETTING STARTED 147 7 PROCEDURE STYLES
148 7.1 HEADLINE 149 7.2 CAPTION 149 7.3 MATRIX 149 7.4 NARRATIVE 153
7.5 FLOWCHART 153 7.6 PLAYSCRIPT 155 8 PROCEDURE DEVELOPMENT REVIEW 158
9 OBSERVATIONS 158 10 SUMMARY 162 CHAPTER 8 CREATING A TABLE OF CONTENTS
165 1 INTRODUCTION 165 2 DOCUMENT LAYOUT 166 3 DOCUMENT FRAMEWORK 166
3.1 TITLE PAGE 167 3.2 MANAGEMENT ENDORSEMENT PAGE 168 3.3 AMENDMENT
RECORD 168 4 PREPARING A DRAFT TABLE OF CONTENTS 168 5 SECTIONS TO
CONSIDER 172 6 SUMMARY 177 CHAPTER 9 UNDERSTANDING HOW TO SELL POLICIES,
STANDARDS, AND PROCEDURES 179 1 INTRODUCTION 179 2 BELIEVE IN WHAT YOU
ARE DOING 179 3 RETURN ON INVESTMENT FOR SECURITY FUNCTIONS 180 4
EFFECTIVE COMMUNICATION 181 5 KEEPING MANAGEMENT INTERESTED IN
SECURITY 183 5.1 ENTERPRISE BUSINESS NEEDS 183 5.2 MANAGEMENT NEEDS 184
5.3 WHERE WE ARE 185 5.4 ELEMENTS OF INFORMATION PROTECTION 185
5.5 COMMON THREATS 187 5.6 YOU ADD VALUE! 188 6 WHY POLICIES, STANDARDS,
AND PROCEDURES ARE NEEDED 189 6.1 LEGAL REQUIREMENTS 189 6.2 BUSINESS
REQUIREMENTS 192 7 THE NEED FOR CONTROLS 192 7.1 THE CHANGING
ENVIRONMENT 192 7.2 GOOD BUSINESS PRACTICES 194 8 WHERE TO BEGIN? 195 9
SUMMARY 196 APPENDIX 1A TYPICAL TIER 1 POLICIES 199 1 INTRODUCTION 199 2
TIER 1 POLICIES 200 2.1 SHARED BELIEFS 200 3 EMPLOYEE STANDARDS OF
CONDUCT 201 3.1 POLICY 201 3.2 RESPONSIBILITIES 201 3.3 COMPLIANCE 202
3.4 UNACCEPTABLE CONDUCT 202 3.5 HARASSMENT 202 3.6 FIREABLE OFFENSES
203 4 CONFLICT OF INTEREST 203 4.1 POLICY 203 4.2 STANDARDS 204 4.3
RESPONSIBILITIES 204 4.4 COMMON CONFLICT-OF-INTEREST SITUATIONS 204 5
EMPLOYMENT PRACTICES 206 5.1 POLICY 206 5.2 FILLING JOB VACANCIES 206
5.3 TERMINATION OF EMPLOYMENT 206 5.4 RESPONSIBILITIES 206 6 RECORDS
MANAGEMENT 207 6.1 POLICY 207 6.2 ROLE OF RETENTION CENTER 207 6.3 ROLE
OF RECORDS MANAGER 207 6.4 ROLE OF MANAGEMENT PERSONNEL 207 6.5 ROLE OF
DEPARTMENTAL RECORDS COORDINATOR 208 6.6 TYPE OF DOCUMENTS MAINTAINED
IN RETENTION CENTER 208 6.7 SERVICES 208 6.8 TRANSFERRING RECORDS 208
6.9 RECORD RETRIEVAL 209
6.10 RECORD DESTRUCTION 209 7 CORPORATE COMMUNICATIONS 210 7.1 POLICY
210 7.2 STANDARDS 210 7.3 RESPONSIBILITIES 210 8 ELECTRONIC
COMMUNICATIONS 210 8.1 POLICY 210 8.2 RESPONSIBILITIES 211 8.3
COMPLIANCE 211 9 INTERNET SECURITY 211 9.1 POLICY 211 9.2 PROVISIONS 211
9.3 RESPONSIBILITIES 212 10 INTERNET USAGE AND RESPONSIBILITY STATEMENT
212 11 EMPLOYEE DISCIPLINE 212 11.1 POLICY 212 11.2 POSITIVE RECOGNITION
213 11.3 FORMAL DISCIPLINE 213 11.4 DEACTIVATION 213 11.5 DISCHARGE 214
12 GENERAL SECURITY 214 12.1 POLICY 214 12.2 STANDARDS 214 12.3
RESPONSIBILITIES 214 12.4 COMPLIANCE 215 13 BUSINESS CONTINUITY PLANNING
215 13.1 POLICY 215 13.2 STANDARDS 215 13.3 RESPONSIBILITIES 215 13.4
COMPLIANCE 215 14 INFORMATION PROTECTION 216 14.1 POLICY 216 14.2
RESPONSIBILITIES 216 14.3 COMPLIANCE 216 15 INFORMATION CLASSIFICATION
216 15.1 POLICY 216 15.2 CLASSIFICATION LEVELS 217 15.3
RESPONSIBILITIES 219 15.4 COMPLIANCE 219 APPENDIX 1B TYPICAL TIER 2
POLICIES 221 1 INTRODUCTION 221 2 ELECTRONIC COMMUNICATIONS 222 2.1
POLICY 222 2.2 RESPONSIBILITIES 222 2.3 COMPLIANCE 223 3
INTERNET SECURITY 223 3.1 POLICY 223 3.2 STANDARDS 223 3.3
RESPONSIBILITIES 224 3.4 COMPLIANCE 224 4 INTERNET USAGE AND
RESPONSIBILITY STATEMENT 224 5 COMPUTER AND NETWORK MANAGEMENT 224 5.1
POLICY 224 5.2 RESPONSIBILITIES 226 5.3 SCOPE 226 5.4 COMPLIANCE 226 6
ANTI-VIRUS POLICY 227 6.1 POLICY 227 6.2 SCOPE 227 6.3 RESPONSIBILITIES
227 6.4 COMPLIANCE 227 7 COMPUTER AND NETWORK MANAGEMENT 227 7.1 POLICY
227 7.2 STANDARDS 227 7.3 RESPONSIBILITIES 229 7.4 SCOPE 230 7.5
COMPLIANCE 230 8 PERSONNEL SECURITY 230 8.1 POLICY 230 8.2 SCOPE 230 8.3
RESPONSIBILITIES 231 8.4 COMPLIANCE 231 9 SYSTEMS DEVELOPMENT AND
MAINTENANCE POLICY 231 9.1 POLICY 231 9.2 RESPONSIBILITIES 232 9.3 SCOPE
232 9.4 COMPLIANCE 232 10 APPLICATION ACCESS CONTROL POLICY 233 10.1
POLICY 233 10.2 STANDARDS 233 10.3 RESPONSIBILITIES 233 10.4 SCOPE 233
10.5 COMPLIANCE 233 10.6 SUPPORTING STANDARDS 233 11 DATA AND SOFTWARE
EXCHANGE POLICY 234 11.1 POLICY 234 11.2 RESPONSIBILITIES 234 11.3 SCOPE
234 11.4 COMPLIANCE 234 11.5 SUPPORTING STANDARDS 234 12 NETWORK ACCESS CONTROL 235
12.1 POLICY 235 12.2 RESPONSIBILITIES 235 12.3 SCOPE 235 12.4 COMPLIANCE
235 12.5 SUPPORTING STANDARDS 235 13 NETWORK MANAGEMENT POLICY 236 13.1
POLICY 236 13.2 RESPONSIBILITIES 236 13.3 SCOPE 236 13.4 COMPLIANCE 236
13.5 SUPPORTING STANDARDS 237 14 INFORMATION SYSTEMS OPERATIONS POLICY
237 14.1 POLICY 237 14.2 RESPONSIBILITIES 237 14.3 SCOPE 237 14.4
COMPLIANCE 237 14.5 SUPPORTING STANDARDS 237 15 PHYSICAL AND
ENVIRONMENTAL SECURITY 238 15.1 POLICY 238 15.2 RESPONSIBILITIES 238
15.3 SCOPE 238 15.4 COMPLIANCE 238 15.5 SUPPORTING STANDARDS 238 16
USER ACCESS POLICY 239 16.1 POLICY 239 16.2 RESPONSIBILITIES 239 16.3
SCOPE 239 16.4 COMPLIANCE 239 16.5 SUPPORTING STANDARDS 239 17
EMPLOYMENT AGREEMENT 240 APPENDIX 1C SAMPLE STANDARDS MANUAL 243
INTRODUCTION 243 THE COMPANY INFORMATION SECURITY STANDARDS MANUAL 243
TABLE OF CONTENTS 243 PREFACE 245 BACKGROUND 245 ABOUT THIS MANUAL 245
USING THE STANDARDS 245 CHANGE CONTROL 246 CORPORATE INFORMATION
SECURITY POLICY 246 INTRODUCTION 246 POLICY STATEMENT 246
RESPONSIBILITIES 247 MANAGER 247 INFORMATION SYSTEMS MANAGER/TEAM LEADER
248 INFORMATION AND SYSTEM OWNER 248 INFORMATION AND SYSTEM USER 249
INFORMATION SECURITY MANAGER (ISM) 249 INFORMATION SECURITY
ADMINISTRATION 249 STANDARDS 250 RISK MANAGEMENT 250 PERSONNEL SECURITY
ISSUES 259 PHYSICAL AND ENVIRONMENTAL SECURITY CONTROLS 259 SECURITY
MANAGEMENT 262 INFORMATION CLASSIFICATION PROCESS 263 DISTRIBUTION
265 REVIEW AND COMPLIANCE MONITORING 265 APPENDIX 1D SAMPLE INFORMATION
SECURITY MANUAL 269 THE COMPANY INFORMATION SECURITY POLICY MANUAL 269
VERSION CONTROL INFORMATION 269 GENERAL 269 DEFINITION 269 THE SECURITY
POLICY COMMITTEE 270 WHAT ARE WE PROTECTING? 270 CLASSIFICATION OF
INFORMATION 271 CLASSIFICATION OF COMPUTER SYSTEMS 271 LOCAL AREA
NETWORK CLASSIFICATIONS 272 DEFINITIONS 272 AMATEUR HACKERS AND VANDALS
273 CRIMINAL HACKERS AND SABOTEURS 273 DISGRUNTLED EMPLOYEES AND
EX-EMPLOYEES 274 USER RESPONSIBILITIES 274 ACCEPTABLE USE POLICY 274 USE
OF THE INTERNET 275 USER CLASSIFICATION 276 ACCESS CONTROL POLICY 276
DEPARTMENTAL USER SYSTEM AND NETWORK ACCESS 277 SYSTEM ADMINISTRATOR
ACCESS 278 SPECIAL ACCESS 278 CONNECTING TO THIRD-PARTY NETWORKS 279
CONNECTING DEVICES TO THE NETWORK 279 REMOTE ACCESS POLICY 280 PENALTY
FOR SECURITY VIOLATION 281 SECURITY INCIDENT HANDLING PROCEDURES 281
CREATE A SECURITY LOG 281 FIVE-STEP PROCEDURE 282 VIRUS AND WORM INCIDENTS 283
MALICIOUS HACKER INCIDENTS 283 PART 2 INFORMATION SECURITY REFERENCE
GUIDE CHAPTER 10 INTRODUCTION TO INFORMATION SECURITY 287 1 DEFINITION
OF INFORMATION 287 2 WHAT IS INFORMATION SECURITY? 287 3 WHY DO WE NEED
TO PROTECT INFORMATION? 287 3.1 CORPORATE POLICIES - INFORMATION
MANAGEMENT 287 3.2 CORPORATE POLICIES - SECURITY 288 3.3 CORPORATE
POLICIES - STANDARDS OF CONDUCT 288 3.4 CORPORATE POLICIES - CONFLICT OF
INTEREST 289 3.5 FOREIGN CORRUPT PRACTICES ACT (FCPA) 289 3.6 FEDERAL
COPYRIGHT LAW 289 3.7 FEDERAL ANTITRUST LAWS 289 4 WHAT INFORMATION
SHOULD BE PROTECTED? 290 CHAPTER 11 FUNDAMENTALS OF INFORMATION SECURITY
291 1 INTRODUCTION 291 2 INFORMATION AVAILABILITY (BUSINESS CONTINUITY)
291 3 INFORMATION INTEGRITY 293 3.1 SEPARATION OF DUTIES 293 3.2
ROTATION OF ASSIGNMENTS 294 4 INFORMATION CONFIDENTIALITY 294 4.1
AUTHORITY TO DISCLOSE 295 4.2 NEED-TO-KNOW 296 CHAPTER 12 EMPLOYEE
RESPONSIBILITIES 297 1 INTRODUCTION 297 2 OWNER 297 3 CUSTODIAN 299 4
USER 299 CHAPTER 13 INFORMATION CLASSIFICATION 301 1 INTRODUCTION 301
1.1 CONFIDENTIAL 301 1.2 INTERNAL USE 303 1.3 PUBLIC 304 2
CLASSIFICATION PROCESS 304 3 RECLASSIFICATION 305 CHAPTER 14 INFORMATION
HANDLING 307 1 INTRODUCTION 307 2 INFORMATION LABELING 307
3 INFORMATION USE AND DUPLICATION 308 4 INFORMATION STORAGE 308 5
INFORMATION DISPOSAL 309 CHAPTER 15 TOOLS OF INFORMATION SECURITY 311 1
INTRODUCTION 311 2 ACCESS AUTHORIZATION 311 3 ACCESS CONTROL 312 4
BACKUP AND RECOVERY 313 5 AWARENESS 314 CHAPTER 16 INFORMATION
PROCESSING 315 1 GENERAL 315 2 RIGHT TO REVIEW 315 3 DESKTOP PROCESSING
316 4 TRAINING 316 5 PHYSICAL SECURITY 317 6 PROPRIETARY SOFTWARE -
CONTROLS AND SECURITY 317 7 SOFTWARE CODE OF ETHICS 318 8 COMPUTER VIRUS
SECURITY 318 9 OFFICE AUTOMATION 319 9.1 PHONE/VOICE MAIL 319 9.2
STANDARDS OF CONDUCT FOR ELECTRONIC COMMUNICATION 320 9.3 CELLULAR
PHONES 321 9.4 FAX MACHINES 321 9.5 INTEROFFICE MAIL 322 9.6 OFFICE
FILE CABINETS AND DESKS 323 9.7 RECORDS MANAGEMENT 323 CHAPTER 17
INFORMATION SECURITY PROGRAM ADMINISTRATION 325 1 INTRODUCTION 325 2
CORPORATE INFORMATION SYSTEMS STEERING COMMITTEE 325 3 CORPORATE
INFORMATION SECURITY PROGRAM 325 3.1 CORPORATE INFORMATION SECURITY
MANAGER 325 3.2 CORPORATE INFORMATION SECURITY COORDINATOR 326 4
ORGANIZATION INFORMATION SECURITY PROGRAM 326 4.1 ORGANIZATION
MANAGEMENT 326 4.2 INFORMATION SECURITY COORDINATORS 326 CHAPTER 18
BASELINE ORGANIZATION INFORMATION SECURITY PROGRAM 329 1 INTRODUCTION
329 2 PRE-PROGRAM DEVELOPMENT 329
2.1 DESIGNING YOUR ORGANIZATION'S PROGRAM 329 2.2 A PHASED
APPROACH TO THE PROGRAM PROCESS 331 2.3 GETTING ASSISTANCE 332 3
PROGRAM DEVELOPMENT PHASE 332 3.1 DETERMINING INITIAL PROGRAM SCOPE AND
OBTAINING APPROVAL 332 3.2 ASSESSING THE INFORMATION ENVIRONMENT 334 3.3
DEVELOPING THE PROGRAM ELEMENTS 337 4 PROGRAM IMPLEMENTATION PHASE 350
4.1 PROGRAM IMPLEMENTATION PLAN 350 5 PROGRAM MAINTENANCE PHASE 352 5.1
CONDUCTING PERIODIC INFORMATION SECURITY TEAM MEETINGS 352 5.2
MAINTAINING KNOWLEDGE OF THE INFORMATION ENVIRONMENT 353 5.3 MAINTAINING
THE INFORMATION SECURITY PLAN AND BUDGET 353 5.4 MAINTAINING THE PROGRAM
ELEMENTS 354 APPENDIX 2A 359 1 INFORMATION HANDLING PROCEDURES MATRIX
359 1.2 ELECTRONICALLY STORED (COMPUTER-BASED) INFORMATION 360 1.3
ELECTRONICALLY TRANSMITTED (COMPUTER-BASED) INFORMATION 361 2 GLOSSARY
362 3 INFORMATION IDENTIFICATION WORKSHEET 364 4 INFORMATION RISK
ASSESSMENT WORKSHEET 365 5 SUMMARY AND CONTROLS WORKSHEET 366 6 RISK
ASSESSMENT: SELF-ASSESSMENT QUESTIONNAIRE 367 6.1 INFORMATION SECURITY
367 6.2 INFORMATION SECURITY STANDARDS 367 6.3 INFORMATION
CLASSIFICATION SYSTEM 367 6.4 EMPLOYEE INFORMATION SECURITY AWARENESS
367 6.5 RECORDS MANAGEMENT 368 6.6 COMPUTER SECURITY 368 6.7
MICROCOMPUTER SECURITY 369 INDEX 373
|
any_adam_object | 1 |
author | Peltier, Thomas R. |
author_facet | Peltier, Thomas R. |
author_role | aut |
author_sort | Peltier, Thomas R. |
author_variant | t r p tr trp |
building | Verbundindex |
bvnumber | BV023744654 |
classification_rvk | ST 276 |
ctrlnum | (OCoLC)265488978 (DE-599)BVBBV023744654 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | 2. ed. |
format | Book |
id | DE-604.BV023744654 |
illustrated | Illustrated |
indexdate | 2024-07-09T21:33:51Z |
institution | BVB |
isbn | 0849319587 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-017293729 |
oclc_num | 265488978 |
open_access_boolean | |
owner | DE-526 |
owner_facet | DE-526 |
physical | XXIII, 384 S. graph. Darst. |
publishDate | 2004 |
publishDateSearch | 2004 |
publishDateSort | 2004 |
publisher | Auerbach Publ. |
record_format | marc |
subject_GND | (DE-588)4274324-2 (DE-588)4011134-9 |
title | Information security policies and procedures a practitioner's reference |
title_auth | Information security policies and procedures a practitioner's reference |
title_exact_search | Information security policies and procedures a practitioner's reference |
title_full | Information security policies and procedures a practitioner's reference Thomas R. Peltier |
title_fullStr | Information security policies and procedures a practitioner's reference Thomas R. Peltier |
title_full_unstemmed | Information security policies and procedures a practitioner's reference Thomas R. Peltier |
title_short | Information security policies and procedures |
title_sort | information security policies and procedures a practitioner s reference |
title_sub | a practitioner's reference |
topic | Computersicherheit (DE-588)4274324-2 gnd Datenschutz (DE-588)4011134-9 gnd |
topic_facet | Computersicherheit Datenschutz |
url | http://www.gbv.de/dms/bowker/toc/9780849319587.pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017293729&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT peltierthomasr informationsecuritypoliciesandproceduresapractitionersreference |
No print copy is available.
Table of contents