Information Security Policies, Procedures, and Standards: A Practitioner’s Reference 1st Edition

I valued this book so much I am also now reading the author's book; The Security Risk Assessment Handbook.

No one likes reading a book on policy development, but another great book by DOUGLAS J. LANDOLL. He provides the information needed to develop or improve an informatin security policy program. The key especially to the federal practitioner is the association between the RMF controls adn policy development. The Security Ploicy Framework is usable across all security architectures/frames ISO27001, COBIT. Good book

In this work, Mr. Landoll, has created a true reference for all of us who wrestle with the task of incorporating meaningful Standards into the Policies and Procedures.What are necessary to create the framework to enable an organization to truly begin to protect itself and its assets from both "Cyber" and other threats (Including national disasters) to build a truly resilient organization. Its a tool that I use often, and look forward to future updates.

I downloaded the sample of this book some days ago and finally decided to procure the book. From what I read so far I very much like the content and would happily give it 4 or 5 stars. But, what I didn't see in the sample and only realised in the final when downloading the full book, are a number of formatting issues. There are many pages in the book that break paragraphs into multiple pages, resulting in a book that is much harder to read. I tested this on my Kindle paper white and the Kindle app on iPad and got similar results. I assume that these issues don't exist in the printed version, but since I don't have one I can't comment on it.

The information as it relates to policies is pretty great. Would be 5 stars but the sections on standards and procedures is very light and doesn't provide any practical examples.

This is an excellent guide and reference when developing security policies for your organization, the author is an expert in the matter and prepared a very valuable material to help you in this journey.

Recommended for anyone who works in the field of information security

ok