
REVIEW: "Information Security Policies, Procedures, and Standards", Thomas R. Peltier

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Dec 4, 2002
      BKISPPAS.RVW 20020923

      "Information Security Policies, Procedures, and Standards", Thomas R.
      Peltier, 2002, 0-8493-1137-3
      %A Thomas R. Peltier
      %C 920 Mercer Street, Windsor, ON N9A 7C2
      %D 2002
      %G 0-8493-1137-3
      %I Auerbach Publications
      %O U$69.95 +1-800-950-1216 auerbach@... orders@...
      %O http://www.amazon.com/exec/obidos/ASIN/0849311373/robsladesinterne
      %P 297 p.
      %T "Information Security Policies, Procedures, and Standards"

      Chapter one provides vague meanderings about information protection
      fundamentals. The author's opinion about how to write is given in
      chapter two. In the ultimate triumph of style over substance, this
      drafting advice is given before any examination of actual policy
      development. Chapter three defines policy and some related topics
      with lots of verbiage and overly lengthy examples. There are lots of
      sample mission statements in chapter four, although it is not really
      apparent why we are talking about this particular topic. The
      structure of chapter five, dealing with standards, is very confused,
      and the purpose of the examples given is unclear. (There is also an
      extremely odd assertion that standards, which are by definition rigid,
      must be "flexible.") We are given more writing advice, supposedly in
      aid of procedures, in chapter six. Chapter seven talks about
      information classification for a few paragraphs and then lays out a
      thirty page example. Random security thoughts and banal training
      ideas make up the security awareness program in chapter eight.
      Generic project management advice is in chapter nine. Chapter ten
      contains suggested topics for a security policy. What the book said
      is repeated in chapter eleven.

      The appendices include a very short sample policy, and a policy
      development checklist.

      Barman's "Writing Information Security Policies" (cf. BKWRINSP.RVW)
      provides far better advice on both the process and the topics to be
      covered in creating a security policy. Even "Information Security
      Policies Made Easy" (cf. BKISPME.RVW) is better, for all that people
      tend to misuse it. Peltier's book provides little of use to the
      harried security manager.

      copyright Robert M. Slade, 2002 BKISPPAS.RVW 20020923

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      December 16, 2002 December 20, 2002 San Francisco, CA
      February 10, 2003 February 14, 2003 St. Louis, MO
      March 31, 2003 April 4, 2003 Indianapolis, IN