Information Security Roles and Responsibilities Made Easy

Job Descriptions, Mission Statements, And Reporting Relationships

Charles Cresson Wood

Publisher: Pentasafe, 2001

ISBN: 1-881585-08-5

Table of Contents:

  1. What Can This Book and CD-ROM Do For You?
  2. Why Do You Need To Clearly Document Roles & Responsibilities?
  3. Why Has Information Security Become a Team Effort?
  4. What Needs To Happen Before You Document Roles & Responsibilities?
  5. How Often Should You Update Roles & Responsibilities?
  6. Who Should Actually Write Roles & Responsibilities?
  7. What Type Of Review And Approval Process Is Necessary?
  8. What Resources Are Required To Document Roles & Responsibilities?
  9. How Long Does It Take To Document Roles & Responsibilities?
  10. What Specific Documents Should You Prepare?
    1. Information Security Department And Other Department Missions
    2. Information Security Staff And Other Staff Job Descriptions
    3. Information Security Department Reporting Relationship Diagram
    4. Information Security Awareness Pamphlet
    5. Information Security Awareness Reminder Memos
    6. Information Security Policy Manual
    7. Information Security Standards Document
    8. Information Security Architecture Document
    9. Information Security Action Plan
    10. Information Security Forms
    11. Systems Administration Procedures Manual
    12. Risk Acceptance Memos
    13. Information Systems Contingency Planning Manual
    14. Organizational Code Of Conduct
    15. Standard Operating Procedures (SOP) Manual
    16. Systems Development Process Manual
    17. Application Systems Requirement Documents
    18. User and Computer Operations Applications Manuals
    19. Records Management Policies And Procedures Manual
    20. Worker Performance Reviews
    21. Systems Usage Responsibility Agreement
    22. Outsourcing And Consulting Agreement
    23. Confidentiality And Non-Compete Agreements
    24. Human Resources Manual
    25. Physical Security Pamphlet
  11. What Goes Into Mission Statements For Specific Organizational Units?
    1. Information Security Department
    2. Physical (Industrial) Security Department
    3. Internal Audit Department
    4. EDP Audit Department
    5. Ethics And Compliance Unit
    6. External Auditing Firm
    7. Records Management Department
    8. Information Technology Department
    9. Help Desk Unit
    10. Network Operations Unit
    11. Computer Operations Unit
    12. Systems Administration Unit
    13. Database Administration Unit
    14. Data Administration Unit
    15. Insurance And Risk Management Department
    16. Contingency Planning Unit
    17. Computer Emergency Response Team
    18. Legal Department
    19. Human Resources Department
    20. Information Security Management Committee
    21. Information Technology Steering Committee
    22. Board of Directors -- Audit Committee
    23. Internal Control Committee
    24. Facilities Management Outsourcing Firm
  12. What Goes Into Job Descriptions For Specific Team Players?
    1. Information Security Department Manager
    2. Access Control System Administrator
    3. Internal Information Security Consultant
    4. Information Security Engineer
    5. Information Security Documentation Specialist
    6. Information Security Contingency Planner
    7. Local Information Security Coordinator
    8. Chief Information Officer
    9. Information Systems Analyst/Business Analyst
    10. Systems Programmer
    11. Business Applications Programmer
    12. Computer Operations Manager
    13. Computer Operator
    14. Information Systems Quality Assurance Analyst
    15. Help Desk Associate
    16. Archives Manager/Records Manager
    17. Telecommunications Manager
    18. Systems Administrator/Network Administrator
    19. Web Site Administrator/Commerce Site Administrator
    20. Database Administrator
    21. Data Administration Manager
    22. Physical Security Department Manager
    23. Physical Asset Protection Specialist
    24. Building And Facilities Guard
    25. Office Maintenance Worker
    26. Internal Audit Department Manager
    27. EDP Auditor
    28. Internal Intellectual Property Attorney
    29. Human Resources Department Manager
    30. Human Resources Consultant
    31. Receptionist
    32. Outsourcing Contract Administrator
    33. In-House Trainer
    34. Insurance And Risk Management Department Manager
    35. Insurance And Risk Management Analyst
    36. Business Contingency Planner
    37. Public Relations Manager
    38. Chief Financial Officer
    39. Purchasing Agent
    40. Chief Executive Officer
  13. What Reporting Relationships Should Information Security Have?
  14. What Factors Will Affect The Customization Of These Templates?
  15. Where Do The Owner, Custodian, And User Roles Fit In?
    1. Owners
    2. Custodians
    3. Users
    4. Overall Comments
  16. What Does A Systems Usage Responsibility Agreement Look Like?
  17. What Roles & Responsibilities Do Product Vendors Have?
  18. What Roles & Responsibilities Do Outsourcing Firms Have?
    1. Risks Of Outsourcing
    2. Typical Areas To Outsource
    3. Topics To Include In An Outsourcing Contract
    4. Due Diligence To Perform Before Outsourcing
  19. What Options Are Available For Smaller Organizations?
  20. Is A Centralized Or Decentralized Organization Structure Better?
    1. A Few Critical Distinctions
    2. Why Centralized Information Security Management Is Advisable
    3. Resolving A Variety Of Implementation Issues
  21. What Common Roles & Responsibilities Mistakes Should You Avoid?
Appendices
  1. Statistical Study On Customary Staffing Levels
  2. Personality Characteristics Of An Effective Information Security Manager
  3. Criteria For Evaluating The Performance Of Information Security
  4. Relevant Professional Certifications And What They Mean
  5. Management Responsibility And Legal Liability
  6. Author's Biographical Sketch
  7. Selected Sources & References
  8. Suggestion Form Soliciting Input To The Next Edition Of This Book
  9. Computer Files Provided And Their Contents
  10. Diagram Of Roles & Responsibilities Definition Process

Reviews:

Information Security Roles and Responsibilities Made Easy

by Roland Buresund last modified 2008-11-14 14:31

Rating: ********** (Excellent)

Do you need a job/role description for information security? It probably exists in this book.

