Information Security Roles and Responsibilities Made Easy

The new reference book, Information Security Roles & Responsibilities Made Easy book and companion CD-ROM, provides practical, step-by-step instructions on how to develop specific information security roles and responsibilities. This book provides advice on how to get management to pay more attention to information security and allocate realistic budgets for information security staffing. The book will help you quantify and generate more respect for the information security function within a company by pointing out ways that an information security team adds value to a business.

This new book and companion CD-ROM, is a publishing first providing mission statements, 40+ job descriptions, reporting diagrams and more.

1. What Can This Book and CR-ROM Do For You?
2. Why Do You Need To Clearly Document Roles & Responsibilities?
3. Why Has Information Security Become a Team Effort?
4. What Needs To Happen Before You Document Roles & Responsibilities?
5. How Often Should You Update Roles & Responsibilities?
6. Who Should Actually Write Roles & Responsibilities?
7. What Type Of Review And Approval Process Is Necessary?
8. What Resources Are Required To Document Roles & Responsibilities?
9. How Long Does It Take To Document Roles & Responsibilities?
10. What Specific Documents Should You Prepare?
1. Information Security Department And Other Department Missions
2. Information Security Staff And Other Staff Job Descriptions
3. Information Security Department Reporting Relationship Diagram
4. Information Security Awareness Pamphlet
5. Information Security Awareness Reminder Memos
6. Information Security Policy Manual
7. Information Security Standards Document
8. Information Security Architecture Document
9. Information Security Action Plan
10. Information Security Forms
11. Systems Administration Procedures Manual
12. Risk Acceptance Memos
13. Information Systems Contingency Planning Manual
14. Organizational Code Of Conduct
15. Standard Operating Procedures (SOP) Manual
16. Systems Development Process Manual
17. Application Systems Requirement Documents
18. User and Computer Operations Applications Manuals
19. Records Management Policies And Procedures Manual
20. Worker Performance Reviews
21. Systems Usage Responsibility Agreement
22. Outsourcing And Consulting Agreement
23. Confidentiality And Non-Compete Agreements
24. Human Resources Manual
25. Physical Security Pamphlet
11. What Goes Into Mission Statements For Specific Organizational Units?
1. Information Security Department
2. Physical (Industrial) Security Department
3. Internal Audit Department
4. EDP Audit Department
5. Ethics And Compliance Unit
6. External Auditing Firm
7. Records Management Department
8. Information Technology Department
9. Help Desk Unit
10. Network Operations Unit
11. Computer Operations Unit
12. Systems Administration Unit
13. Database Administration Unit
14. Data Administration Unit
15. Insurance And Risk Management Department
16. Contingency Planning Unit
17. Computer Emergency Response Team
18. Legal Department
19. Human Resources Department
20. Information Security Management Committee
21. Information Technology Steering Committee
22. Board of Directors — Audit Committee
23. Internal Control Committee
24. Facilities Management Outsourcing Firm
12. What Goes Into Job Descriptions For Specific Team Players?
1. Information Security Department Manager
2. Access Control System Administrator
3. Internal Information Security Consultant
4. Information Security Engineer
5. Information Security Documentation Specialist
6. Information Security Contingency Planner
7. Local Information Security Coordinator
8. Chief Information Officer
9. Information Systems Analyst/Business Analyst
10. Systems Programmer
11. Business Applications Programmer
12. Computer Operations Manager
13. Computer Operator
14. Information Systems Quality Assurance Analyst
15. Help Desk Associate
16. Archives Manager/Records Manager
17. Telecommunications Manager
18. Systems Administrator/Network Administrator
19. Web Site Administrator/Commerce Site Administrator
20. Database Administrator
21. Data Administration Manager
22. Physical Security Department Manager
23. Physical Asset Protection Specialist
24. Building And Facilities Guard
25. Office Maintenance Worker
26. Internal Audit Department Manager
677. EDP Auditor
678. Internal Intellectual Property Attorney
679. Human Resources Department Manager
680. Human Resources Consultant
681. Receptionist
682. Outsourcing Contract Administrator
683. In-House Trainer
684. Insurance And Risk Management Department Manager
685. Insurance And Risk Management Analyst
686. Business Contingency Planner
687. Public Relations Manager
688. Chief Financial Officer
689. Purchasing Agent
690. Chief Executive Officer
13. What Reporting Relationships Should Information Security Have?
14. What Factors Will Affect The Customization Of These Templates?
15. Where Do The Owner, Custodian, And User Roles Fit In?
1. Owners
2. Custodians
3. Users
4. Overall Comments
16. What Does A Systems Usage Responsibility Agreement Look Like?
17. What Roles & Responsibilities Do Product Vendors Have?
18. What Roles & Responsibilities Do Outsourcing Firms Have?
1. Risks Of Outsorcing
2. Typical Areas To Outsource
3. Topics To Include In An Outsourcing Contract
4. Due Diligence To Perform Before Outsourcing
19. What Options Are Available For Smaller Organizations?
20. Is A Centralized Or Decentralized Organization Structure Better?
1. A Few Critical Distinctions
2. Why Centralized Information Security Management Is Advisable
3. Resolving A Variety Of Implementation Issues
21. What Common Roles & Responsibilities Mistakes Should You Avoid?

Appendices

1. Statistical Study On Customary Staffing Levels
2. Personality Characteristics Of An Effective Information Security Manager
3. Criteria For Evaluating The Performance Of Information Security
4. Relevant Professional Certifications And What They Mean
5. Management Responsibility And Legal Liability
6. Author's Biographical Sketch
7. Selected Sources & References
8. Suggestion Form Soliciting Input To The Next Edition Of This Book
9. Computer Files Provided And Their Contents
10. Diagram Of Roles & Responsibilities Definition Process

Do you need a job/role description for information security? It probably exists in this book.