Content: COPYRIGHT
CONTENTS
ACKNOWLEDGMENTS
INTRODUCTION
PART I Guiding Principles in Plan Development
CHAPTER 1 The Role of the Information Security Program
GETTING OFF ON THE RIGHT FOOT
ESTABLISHING THE ROLE OF SECURITY
RELATIONSHIPS
CHECKLIST: KEY ROLES OF THE PROGRAM
CHAPTER 2 Laws and Regulations
WORKING WITH THE LEGAL AND COMPLIANCE DEPARTMENTS
LEGAL BACKGROUND
RESOURCES
CHECKLIST: KEY POINTS IN INFORMATION SECURITY LEGAL ISSUES
CHAPTER 3 Assessments
INTERNAL AUDITS
EXTERNAL AUDITS
ASSESSMENTS
CHECKLIST: KEY POINTS IN ASSESSMENTS
PART II Plan Implementation. CHAPTER 4 Establishing Policies and ProceduresPURPOSE OF POLICIES
POLICIES TO CREATE
DEALING WITH EXISTING DOCUMENTS
GETTING BUY-IN
POLICY REVIEW
CHECKLIST: KEY POINTS IN ESTABLISHING POLICIES AND PROCEDURES
CHAPTER 5 Implementing the Security Plan
WHERE TO START
WORKING WITH SYSTEM ADMINISTRATORS
WORKING WITH MANAGEMENT
EDUCATING USERS
CHECKLIST: KEY POINTS IN IMPLEMENTING THE SECURITY PLAN
CHAPTER 6 Deploying New Projects and Technologies
NEW BUSINESS PROJECTS
CHECKLIST: KEY POINTS IN DEPLOYING BUSINESS PROJECTS
CHAPTER 7 Security Training and Awareness
USER AWARENESS. MANAGEMENT AWARENESSSECURITY TEAM TRAINING AND AWARENESS
TRAINING METHODS
CHECKLIST: KEY POINTS FOR SECURITY TRAINING AND AWARENESS
CHAPTER 8 Monitoring Security
POLICY MONITORING
NETWORK MONITORING
AUDIT LOG MONITORING
VULNERABILITY MONITORING
CHECKLIST: KEY POINTS IN MONITORING SECURITY
PART III Plan Administration
CHAPTER 9 Budgeting for Security
ESTABLISHING THE NEED
BUILDING THE BUDGET
OTHER CONSIDERATIONS
STICK TO YOUR BUDGET
CHECKLIST: KEY POINTS IN SECURITY PROGRAM BUDGETING
CHAPTER 10 The Security Staff
SKILL AREAS
HIRING GOOD PEOPLE
SMALL ORGANIZATIONS. LARGE ORGANIZATIONSCHECKLIST: KEY POINTS IN HIRING STAFF
CHAPTER 11 Reporting
PROGRESS ON PROJECT PLANS
STATE OF SECURITY
RETURN ON INVESTMENT
INCIDENTS
AUDITS
CHECKLIST: KEY POINTS IN SECURITY REPORTING
PART IV How to Respond to Incidents
CHAPTER 12 Incident Response
THE TEAM
IDENTIFYING THE INCIDENT
ESCALATION
CONTAINMENT
ERADICATION
DOCUMENTATION
LEGAL ISSUES
CHECKLIST: KEY POINTS IN INCIDENT RESPONSE
CHAPTER 13 Developing Contingency Plans
DEFINING DISASTERS
IDENTIFYING CRITICAL SYSTEMS AND DATA
PREPAREDNESS
PUTTING THE RECOVERY TEAM AND STEERING COMMITTEE TOGETHER. GENERAL PROCEDURESRESOURCES
CHECKLIST: KEY POINTS FOR CONTINGENCY PLANS
CHAPTER 14 Responding to Disasters
REALITY CHECK
DEFINING AUTHORITY AND THE TEAM
FOLLOWING OR NOT FOLLOWING THE PLAN
PHASES OF A DISASTER
CHECKLIST: KEY POINTS IN DISASTER RESPONSE
PART V Appendixes
APPENDIX A Handling Audits
BEING PART OF THE TEAM
INTERNAL AUDITS
EXTERNAL AUDITS
SECURITY'S RESPONSE TO THE AUDIT
CHECKLIST: KEY POINTS IN HANDLING AUDITS
APPENDIX B Outsourcing Security
SERVICES TO OUTSOURCE
CHOOSING WHAT TO OUTSOURCE
CHOOSING A VENDOR
WORKING WITH THE VENDOR.