Information Security Roles and Responsibilities Made Easy

Information Security Roles & Responsibilities Made Easy, Version 3.0 provides:
1. Over 70 pre-written, time-saving information security documents including:

• 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
• Over 40 information-security-related job descriptions.
• 12 separate information security organization structures with discussions of pros and cons of each.
• Specification and discussion of 29 critical information security documents that every organization should have.
• Standard practices that have been shown to be effective at over 125 organizations around the world.

2. Justification to help increase management’s awareness and funding of information security, including:

• How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
• Reducing the total cost of information security services by properly documented roles and responsibilities.
• Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
• Information security staffing data and analysis to help gain management support for additional resources.
  Common mistakes many organizations make and how to avoid them.

3. Specific advice on how to plan, document and execute an information security infrastructure project including:

• Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
• How to schedule project resources and time lines for documenting roles and responsibilities.
• Detailed discussion of the Data Owner, Custodian and User roles.
• Actions you should take to reduce your organization’s exposure to workers in information security related positions of trust.
• The synergy between role based access control (RBAC) and clarification of information security roles and responsibilities.

4. Practical advice on how to maintain security when dealing with third parties, including:

• Pros and cons of outsourcing security functions, including validation and security when outsourcing.
• The security roles and responsibilities of software and hardware vendors.
• Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties

5. Valuable staffing advice and descriptions for information security professionals including:

• Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
• Specific performance criteria for individuals and teams.
• An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.

Information Security Roles & Responsibilities Made Easy, Version 3 – Includes is available in electronic download and includes an organization-wide license to reproduce the materials.