Why manage this process as a project? -- Planning and preparation -- Developing policies -- Asset classification policy -- Developing standards -- Developing procedures -- Creating a table of contents -- Understanding how to sell policies, standards, and procedures.
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts: an overview of security policies and procedures and an information security reference guide. This volume points out how security documents and standards are key elements in the business process that should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies.