Information Security Roles and Responsibilities Made Easy

Information Security Roles and Responsibilities Made Easy by security expert Charles Cresson Wood, provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize for your own organization.

Save Thousands Documenting Your Security Program

Includes time-saving tools and practical, step-by-step instructions on how to develop and document specific information security responsibilities for over 40 different key organizational roles.

Information Security Roles & Responsibilities Made Easy, Version 3.0 provides:

• Over 70 pre-written, time-saving information security documents

  • 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
  • Over 40 information-security-related job descriptions.
  • 12 separate information security organization structures with discussions of pros and cons of each.
  • Specification and discussion of 29 critical information security documents that every organization should have.
  • Standard practices that have been shown to be effective at over 125 organizations around the world.

• Justification to help increase management’s awareness and funding of information security:

  • How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
  • Reducing the total cost of information security services by properly documented roles and responsibilities.
  • Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
  • Information security staffing data and analysis to help gain management support for additional resources.
  • Common mistakes many organizations make and how to avoid them.

• Specific advice on how to plan, document and execute an information security infrastructure project:

  • Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
  • How to schedule project resources and time lines for documenting roles and responsibilities.
  • Detailed discussion of the Data Owner, Custodian and User roles.
  • Actions you should take to reduce your organization’s exposure to workers in information security related positions of trust.
  • The synergy between role based access control (RBAC) and clarification of information security roles and responsibilities.

• How to Maintain Security Dealing with Third Parties:

  • Pros and cons of outsourcing security functions, including validation and security when outsourcing.
  • The security roles and responsibilities of software and hardware vendors.
  • Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties

• Valuable staffing advice for information security professionals:

  • Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
  • Specific performance criteria for individuals and teams.
  • An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.

Information Security Roles & Responsibilities Made Easy, Version 3 – Includes is available in electronic download and includes an organization-wide license to reproduce the materials.