Security policies and implementation issues
by Johnson, Rob.
Material type: Book
Series: Jones & Bartlett Learning information systems security & assurance series
Publisher: Sudbury, Mass. : Jones & Bartlett Learning, c2011
Description: xvii, 437 p. : ill.
ISBN: 9780763791322; 0763791326
Subject(s): Computer networks -- Security measures | Data protection | Computer security

| Item type | Current location | Collection | Call number | Status | Date due | Barcode |
|---|---|---|---|---|---|---|
| Books | Dhaka University Science Library General Stacks | Non Fiction | 005.8 JOS | Available | | 477163 |
Includes bibliographical references (p. 419-425) and index.
Note continued: Disaster Recovery Procedures for Mission-Critical System, Application, or Data Functionality and Recovery -- RTO Policies Based on Disaster Scenario -- Best Practices for Risk Management Policies -- Case Studies and Examples of Risk Management Policies -- Private Sector Case Example -- Public Sector Case Example -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 11 Assessment -- ch. 12 Incident Response Team (IRT) Policies -- Incident Response Policy -- What Is an Incident? -- Incident Classification -- The Response Team Charter -- Incident Response Team Members -- Responsibilities During an Incident -- Users on the Front Line -- System Administrators -- Information Security Personnel -- Management -- Support Services -- Other Key Roles -- Procedures for Incident Response -- Discovering an Incident -- Reporting an Incident -- Containing and Minimizing the Damage -- Cleaning Up After the Incident -- Documenting the Incident and Actions -- Analyzing the Incident and Response -- Creating Mitigation to Prevent Future Incidents -- Handling the Media and What to Disclose -- Best Practices for Incident Response Policies -- Case Studies and Examples of Incident Response Policies -- Private Sector Case Study -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 12 Assessment -- pt. THREE Implementing and Maintaining an IT Security Policy Framework -- ch. 13 IT Security Policy Implementations -- Implementation Issues for IT Security Policies -- Organizational Challenges -- Organizational and Cultural Change -- Organizational and Individual Acceptance -- Security Awareness Policy Implementations -- Development of an Organization-Wide Security Awareness Policy -- Conducting Security Awareness Training Sessions -- Executive Management Sponsorship -- Human Resources (HR) Ownership of New Employee Orientation -- Review of Acceptable Use Policies (AUPs) -- Information Dissemination -- How to Educate Employees -- Hard Copy Dissemination -- Posting Policies on the Intranet -- Using E-mail -- Brown Bag Lunch and Learning Sessions -- Overcoming Technical Hindrances -- Distributed Infrastructure -- Outdated Technology -- Lack of Standardization Throughout the IT Infrastructure -- Overcoming Nontechnical Hindrances -- Distributed Environment -- User Types -- Lack of Executive Management Support -- Best Practices for IT Security Policy Implementations -- Case Studies and Examples of Successful IT Security Policy Implementations -- Private Sector Case Study -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 13 Assessment -- Endnote -- ch. 14 IT Security Policy Enforcement -- Organizational Support for IT Security Policy Enforcement -- Executive Management Must Provide Sponsorship -- Hierarchical Organizational Approach to Ensure Roles, Responsibilities, and Accountabilities Are Defined for Security Policy Implementation -- Front-Line Managers and Supervisors Must Take Responsibility and Accept Accountability -- Grass-Roots Employees -- An Organization's Right to Monitor User Actions and Traffic -- Compliance Law: Requirement or Risk Management? -- What Is Law and What Is Policy? -- What Security Controls Work to Enforce Protection of Privacy Data? -- What Automated Security Controls Can Be Implemented Through Policy? -- What Manual Security Controls Assist with Enforcement? -- Legal Implications of IT Security Policy Enforcement -- Who Is Ultimately Liable for Risk, Threats, and Vulnerabilities? -- Where Must IT Security Policy Enforcement Come From? -- Best Practices for IT Security Policy Enforcement -- Case Studies and Examples of Successful IT Security Policy Enforcement -- Private Sector Case Study -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 14 Assessment -- ch. 15 IT Policy Compliance Systems and Emerging Technologies -- Defining a Baseline Definition for Information Systems Security -- Policy-Defining Overall IT Infrastructure Security Definition -- Vulnerability Window and Information Security Gap Definition -- Tracking, Monitoring, and Reporting IT Security Baseline Definition and Policy Compliance -- Automated Systems -- Manual Tracking and Reporting -- Random Audits and Departmental Compliance -- Overall Organizational Report Card for Policy Compliance -- Automating IT Security Policy Compliance -- Automated Policy Distribution -- Configuration Management and Change Control Management -- Collaboration and Policy Compliance across Business Areas -- Version Control for Policy Implementation Guidelines and Compliance -- Emerging Technologies and Solutions -- SCAP -- SNMP -- WBEM -- WMI -- Digital Signing -- Best Practices for IT Security Policy Compliance Monitoring -- Case Studies and Examples of Successful IT Security Policy Compliance Monitoring -- Private Sector Case Studies -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 15 Assessment.
"The study of information system security concepts and domains is an essential part of the education of computer science students and professionals alike. Security Policies and Implementation Issues offers a comprehensive, end-to-end view of information security policies and frameworks from the raw organizational mechanics of building to the psychology of implementation. It presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear, simple terms such as governance, regulatory mandates, business drivers, legal considerations, and much more. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks."--Resource description page.