computersecurityhandbook.com
Chapter 28 – Security Policy Guidelines
M. E. Kabay, PhD, CISSP

Chapter Contents:

   28.1    Introduction
   28.2    Terminology
   28.2.1    Policy
   28.2.2    Controls
   28.2.3    Standards
   28.2.4    Procedures
   28.3    Resources for Policy Writers
   28.3.1    ISO 17799
   28.3.1.1    Overview of BS7799 and ISO 17799
   28.3.1.2    ISO 17799 Resources
   28.3.2    COBIT
   28.3.2.1    Overview of COBIT
   28.3.2.2    COBIT Framework
   28.3.2.3    Control Objectives
   28.3.2.4    Audit Guidelines
   28.3.2.5    Implementation Tool Set
   28.3.2.6    Management Guidelines
   28.3.2.7    Summary of COBIT
   28.3.3    Informal Security Standards
   28.3.3.1    CERT-CC Documentation
   28.3.3.2    NSA Security Guidelines
   28.3.3.3    U.S. Federal Best Security Practices
   28.3.3.4    RFC2196 (Site Security Handbook)
   28.3.3.5    IT Baseline Protection Manual
   28.3.4    Commercially Available Policy Guides
   28.3.4.1    ISPME (Charles Cresson Wood)
   28.3.4.2    Tom Peltier's Practitioner's Reference
   28.3.4.3    SANS Resources
   28.4    Writing the Policies
   28.4.1    Orientation: Prescriptive and Proscriptive
   28.4.2    Writing Style
   28.4.3    Reasons
   28.5    Organizing the Policies
   28.5.1    Topical Organization
   28.5.2    Organizational
   28.6    Presenting the Policies
   28.6.1    Printed Text
   28.6.2    Electronic One-Dimensional Text
   28.6.3    Hypertext
   28.6.3.1    HTML and XML
   28.6.3.2    Rich Text Format and Proprietary Word-Processor Files
   28.6.3.3    Portable Document Format
   28.6.3.4    Help Files
   28.7    Maintaining Policies
   28.7.1    Review Process
   28.7.2    Announcing Changes
   28.8    Summary
   28.9    For Further Reading

copyright 2002-2006, Robert Gezelter, All Rights Reserved