Writing information security policies / Scott Barman.
Material type:
- text
- unmediated
- volume
- 157870264X
Item type | Current library | Call number | Status | Barcode | |
---|---|---|---|---|---|
| | Facultad Regional Santa Fe | 004.056 B25 | 4 | 8711 | |
CONTENTS
Copyright
About the Author
About the Technical Reviewers
Acknowledgments
Tell Us What You Think
Introduction
Part I: Starting the Policy Process
Chapter 1. What Information Security Policies Are
About Information Security Policies
Why Policies Are Important
When Policies Should Be Developed
How Policies Should Be Developed
Chapter 2. Determining Your Policy Needs
Identify What Is to Be Protected
Identify From Whom It Is Being Protected
Data Security Considerations
Backups, Archival Storage, and Disposal of Data
Intellectual Property Rights and Policies
Incident Response and Forensics
Chapter 3. Information Security Responsibilities
Management Responsibility
Role of the Information Security Department
Other Information Security Roles
Understanding Security Management and Law Enforcement
Information Security Awareness Training and Support
Part II: Writing the Security Policies
Chapter 4. Physical Security
Computer Location and Facility Construction
Facilities Access Controls
Contingency Planning
General Computer Systems Security
Periodic System and Network Configuration Audits
Staffing Considerations
Chapter 5. Authentication and Network Security
Network Addressing and Architecture
Network Planning
Network Access Control
Login Security
Passwords
User Interface
Access Controls
Telecommuting and Remote Access
Chapter 6. Internet Security Policies
Understanding the Door to the Internet
Administrative Responsibilities
User Responsibilities
World Wide Web Policies
Application Responsibilities
VPNs, Extranets, Intranets, and Other Tunnels
Modems and Other Backdoors
Employing PKI and Other Controls
Electronic Commerce
Chapter 7. Email Security Policies
Rules for Using Email
Administration of Email
Use of Email for Confidential Communication
Chapter 8. Viruses, Worms, and Trojan Horses
The Need for Protection
Establishing the Type of Virus Protection
Rules for Handling Third-Party Software
User Involvement with Viruses
Chapter 9. Encryption
Legal Issues
Managing Encryption
Handling Encryption and Encrypted Data
Key Generation Considerations
Key Management
Chapter 10. Software Development Policies
Software Development Processes
Testing and Documentation
Revision Control and Configuration Management
Third-Party Development
Intellectual Property Issues
Part III: Maintaining the Policies
Chapter 11. Acceptable Use Policies
Writing the AUP
User Login Responsibilities
Use of Systems and Network
User Responsibilities
Organization's Responsibilities and Disclosures
Common-Sense Guidelines About Speech
Chapter 12. Compliance and Enforcement
Testing and Effectiveness of the Policies
Publishing and Notification Requirements of the Policies
Monitoring, Controls, and Remedies
Administrator's Responsibility
Logging Considerations
Reporting of Security Problems
Considerations When Computer Crimes Are Committed
Chapter 13. The Policy Review Process
Periodic Reviews of Policy Documents
What the Policy Reviews Should Include
The Review Committee
Part IV: Appendixes
Appendix A. Glossary
Appendix B. Resources
Appendix C. Sample Policies