Save Thousands Documenting Your Security Program
Includes time-saving tools and practical, step-by-step instructions on how to develop and document specific information security responsibilities for over 40 different key organizational roles.
Information Security Roles & Responsibilities Made Easy provides:
Over 70 pre-written, time-saving information security documents
- 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
- Over 40 information-security-related job descriptions.
- 12 separate information security organization structures with discussions of pros and cons of each.
- Specification and discussion of 29 critical information security documents that every organization should have.
- Standard practices that have been shown to be effective at over 125 organizations around the world.
Justification to help increase management’s awareness and funding of information security:
- How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
- Reducing the total cost of information security services by properly documented roles and responsibilities.
- Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
- Information security staffing data and analysis to help gain management support for additional resources.
- Common mistakes many organizations make and how to avoid them.
Specific advice on how to plan, document and execute an information security infrastructure project:
- Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
- How to schedule project resources and time lines for documenting roles and responsibilities.
- Detailed discussion of the Data Owner, Custodian and User roles.
- Actions you should take to reduce your organization’s exposure to workers in information security related positions of trust.
- The synergy between role based access control (RBAC) and clarification of information security roles and responsibilities.
How to Maintain Security Dealing with Third Parties
- Pros and cons of outsourcing security functions, including validation and security when outsourcing.
- The security roles and responsibilities of software and hardware vendors.
- Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties
Valuable staffing advice for information security professionals:
- Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
- Specific performance criteria for individuals and teams.
- An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.
