The Bottom Line
Some think that policies are only for Fortune 500 corporations. This book helps show why all businesses should have a well-thought-out infosec policy and helps you ask the questions needed to define it.
Pros
- Good introduction to infosec policies
- Walks through key questions for creating policies
- Shows why infosec policies are so important
Cons
- Too short to provide comprehensive coverage
Description
- Great book to both introduce and highlight the importance of information security policies
- Helps you ask the right questions to develop an infosec policy for your company
- Book is short, which is both a pro and a con. It is easy to get through, but not very comprehensive
- Appendix B contains an excellent list of resources by subject matter to help guide you
Guide Review - Book Review: Writing Information Security Policies
Information security is not a product or something you can install and forget. There is certainly no shortage of products and tools to be used in implementing security, but information security is an ongoing and constantly changing process. Having a well-defined information security policy is the keystone of good security for any company. This book illustrates the importance of infosec policies and helps highlight the areas you should focus on and the questions you should ask in order to create an effective policy for your company. The book is short and easy to get through even for non-techies. I recommend that anyone tasked with creating or maintaining information security read this book and create a policy if they don't have one already.




