What’s New in Version 3?

Information Security Roles and Responsibilities Made Easy, Version 3 is the new and updated version of the best-selling security resource by Charles Cresson Wood, CISSP, CISA, CISM. Version 3 is based on the 30 year consulting and security experience of Mr. Wood and contains these new, updated features to help you save money while establishing a due-care information security organization:

New Department Mission Statements

1. Updated information-security-related committee, board, and department mission statements, including new descriptions for Disaster Recovery Team, Change Control Committee, Privacy Oversight Committee, and a Board Of Directors Governance Committee.

New information-security-related job descriptions

2. Over forty updated information-security-related job descriptions including brand new job descriptions for Chief Privacy Officer (CPO), Chief Security Officer (CSO), Chief Knowledge Officer (CKO), Ethics Officer and Data Librarian.

3. Expanded job descriptions and mission statements reflecting the latest business and technological developments (such as digital rights management systems and wireless networks) and legislative and regulatory requirements such as those of the Sarbanes Oxley Act.

More Expert Advice on Building the Security Organization

4. Additional management justifications for compiling, documenting and updating roles and responsibilities, including ways in which this effort minimizes the cost of providing adequate information security services.

5. A significantly expanded discussion of the pros and cons of outsourcing the information security function, including outsourcing-firm due-diligence, secure outsourcing procedures, and possible conflicts of interest when retaining a third party.

6. Actions you should take to reduce your organization’s exposure to workers in information security related positions of trust.

7. Added citations supporting the legal notion of the standard of due care as it relates to management responsibility, including discussion of the Hooper Doctrine, to help justify an investment in information security organizational infrastructure.

8. An expanded discussion of the personality characteristics needed for work in information security, including discussion about the pros and cons of hiring hackers and others who have been on the wrong side of the law

9. New decision-making criteria for releasing or withholding roles and responsibilities documentation to/from various external parties.

10. Updated information security professional certifications with web sites, phone numbers, and addresses so the reader can easily get more information about them.

11. A new appendix which explores the synergy between role based access control (RBAC) and clarification of information security roles and responsibilities.

Information Security Roles and Responsibilities Made Easy, Version 3.0 contains easily-customized documents in MS-Word format.  For more information contact us or request your free sample job descriptions.