Information Security Roles and Responsibilities Made Easy

Information Security Roles and Responsibilities Made Easy, by security expert Charles Cresson Wood, provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize for your own organization.

Now Part of ComplianceShield

Information Security Roles

The quickest way to define and document your information security organization. Over 70 job descriptions integrated with policies and controls via ComplianceShield.

Save Thousands Documenting Your Security Program

Includes time-saving tools and practical, step-by-step instructions on how to develop and document specific information security responsibilities for over 40 different key organizational roles.

Information Security Roles & Responsibilities Made Easy, Version 3.0 provides:

Over 70 pre-written, time-saving information security documents

  • 29 information-security-related committee, board, and department mission statements, with information security responsibilities reflecting the latest technical and legal requirements.
  • Over 40 information-security-related job descriptions.
  • 12 separate information security organization structures with discussions of pros and cons of each.
  • Specification and discussion of 29 critical information security documents that every organization should have.
  • Standard practices that have been shown to be effective at over 125 organizations around the world.

Justification to help increase management’s awareness and funding of information security:

  • How to persuade management to properly document information security roles and responsibilities, including an easily-customized sample management memorandum.
  • Reducing the total cost of information security services by properly documenting roles and responsibilities.
  • Discussion of responsibility and liability as it relates to documented information security roles, including citations supporting the legal notion of the standard of due care.
  • Information security staffing data and analysis to help gain management support for additional resources.
  • Common mistakes many organizations make and how to avoid them.

Specific advice on how to plan, document and execute an information security infrastructure project:

  • Information on how to properly review and update information security roles and responsibilities, including department interview techniques.
  • How to schedule project resources and timelines for documenting roles and responsibilities.
  • Detailed discussion of the Data Owner, Custodian and User roles.
  • Actions you should take to reduce your organization’s exposure to workers in information-security-related positions of trust.
  • The synergy between role-based access control (RBAC) and clarification of information security roles and responsibilities.

How to Maintain Security Dealing with Third Parties

  • Pros and cons of outsourcing security functions, including validation and security when outsourcing.
  • The security roles and responsibilities of software and hardware vendors.
  • Decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties.

Valuable staffing advice for information security professionals:

  • Characteristics of effective information security professionals, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law.
  • Specific performance criteria for individuals and teams.
  • An expanded list of new information professional certifications with web sites, phone numbers, and addresses for each.

Information Security Roles & Responsibilities Made Easy, Version 3 is now part of ComplianceShield – Content Essentials. It is available for electronic download and includes an organization-wide license to reproduce the materials.