Monday, May 06, 2002
Sanity and Scaling Back. When I recommended Information Security Policies Made Easy in my 4 May entry someone asked me if I had lost my mind for recommending a $595.00 book. The answer is no, and if I did it's no problem because I have it backed up and stored in secure off-site storage. Seriously, the book will save a significant amount of time and will quickly pay for itself.
However, one can go broke saving money, especially if there are more important priorities that should be funded first. An alternative is to purchase a copy of Writing Information Security Policies by Scott Barman. This $34.99 USD book is a fraction of the price and will give you the information and approach that will assure well-written security policies. Of course you'll have to write them from scratch, but the book's accompanying web site contains a wealth of support material.
Another book that shows the big picture is Thomas R. Peltier's Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. We've mentioned Mr. Peltier in earlier entries, and this book is one that every security professional should own.
I'll end on that note because I have a scheduled back-up to perform.