Fourth Edition, Chapter 28 – Security Policy Guidelines
     M. E. Kabay, PhD, CISSP

Chapter Contents:

   28.1    Introduction
   28.2    Terminology
   28.2.1    Policy
   28.2.2    Controls
   28.2.3    Standards
   28.2.4    Procedures
   28.3    Resources for Policy Writers
   28.3.1    ISO 17799
                 Overview of BS7799 and ISO 17799
                 ISO 17799 Resources
   28.3.2    COBIT
                 Overview of COBIT
                 COBIT Framework
                 Control Objectives
                 Audit Guidelines
                 Implementation Tool Set
                 Management Guidelines
                 Summary of COBIT
   28.3.3    Informal Security Standards
                 CERT-CC Documentation
                 NSA Security Guidelines
                 U.S. Federal Best Security Practices
                 RFC2196 (Site Security Handbook)
                 IT Baseline Protection Manual
   28.3.4    Commercially Available Policy Guides
                 ISPME (Charles Cresson Wood)
                 Tom Peltier's Practitioner's Reference
                 SANS Resources
   28.4    Writing the Policies
   28.4.1    Orientation: Prescriptive and Proscriptive
   28.4.2    Writing Style
   28.4.3    Reasons
   28.5    Organizing the Policies
   28.5.1    Topical Organization
   28.5.2    Organizational
   28.6    Presenting the Policies
   28.6.1    Printed Text
   28.6.2    Electronic One-Dimensional Text
   28.6.3    Hypertext
                 HTML and XML
                 Rich Text Format and Proprietary Word-Processor Files
                 Portable Document Format
                 Help Files
   28.7    Maintaining Policies
   28.7.1    Review Process
   28.7.2    Announcing Changes
   28.8    Summary
   28.9    For Further Reading

copyright 2002-2006, Robert Gezelter, All Rights Reserved