Everything you need to know about information security programs and policies in one book Clearly explains all facets of InfoSec program and policy planning development deployment and management Thoroughly updated for today s challenges laws regulations and best practices The perfect resource for anyone pursuing an information security management career In today s dangerous world failures in information security can be catastrophic. Organizations must protect themselves. Protection begins with comprehensive realistic policies. This up-to-date guide will help you create deploy and manage them. Complete and easy to understand it explains key concepts and techniques through real-life examples. You ll master modern information security regulations and frameworks and learn specific best-practice policies for key industry sectors including finance healthcare online commerce and small business. If you understand basic information security you re ready to succeed with this book. You ll find projects questions exercises examples links to valuable easy-to-adapt information security policies...everything you need to implement a successful information security program. Sari Stern Greene CISSP CRISC CISM NSA/IAM is an information security practitioner author and entrepreneur. She is passionate about the importance of protecting information and critical infrastructure. Sari founded Sage Data Security in 2002 and has amassed thousands of hours in the field working with a spectrum of technical operational and management personnel as well as boards of directors regulators and service providers. Her first text was Tools and Techniques for Securing Microsoft Networks commissioned by Microsoft to train its partner channel which was soon followed by the first edition of Security Policies and Procedures: Principles and Practices . She is actively involved in the security community and speaks regularly at security conferences and workshops. She has been quoted in The New York Times Wall Street Journal and on CNN and CNBC. Since 2010 Sari has served as the chair of the annual Cybercrime Symposium. Learn how to ? Establish program objectives elements domains and governance ? Understand policies standards procedures guidelines and plans--and the differences among them ? Write policies in plain language with the right level of detail ? Apply the Confidentiality Integrity & Availability (CIA) security model ? Use NIST resources and ISO/IEC 27000-series standards ? Align security with business strategy ? Define inventory and classify your information and systems ? Systematically identify prioritize and manage InfoSec risks ? Reduce people-related risks with role-based Security Education Awareness and Training (SETA) ? Implement effective physical environmental communications and operational security ? Effectively manage access control ? Secure the entire system development lifecycle ? Respond to incidents and ensure continuity of operations ? Comply with laws and regulations including GLBA HIPAA/HITECH FISMA state data security and notification rules and PCI DSS