• Say What You Do Products
• Effective Technical Communication
• Inclusive modeling -- how to diagram your processes
• Audience, clarity, logic, and brevity
• Word choices
• Does you use correct grammar?
• Eats, shoots, and leaves
• Frameworks
• The major frameworks used for establishing IT controls
• Analyzing the acceptance of framework controls
• A guideline for scoping controls
• Why it is a bad idea to cut and paste from the standards
• How capability maturity relates to frameworks
• Policies
• Effective Technical Communication
• Creating policies
• Should we (and do we) label media appropriately?
• Procedures
• Documenting your procedures
• Standards
• Documenting organizational standards
• Authors
• Rebecca Herold, CISSP, CISA, CISM, FLMI
• Dorian J. Cougias
• Marcelo Halpern
• Say What You Do eBook bundle
• Free IT policy guide
• Say What You Do eBook Edition
• Forms, Templates, and Samples
• Say What You Do toolkit
• Systems and Information Classification Standards
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification

Don't leave risky gaps in your IT policies and procedures

No other policy and procedure management framework is based on only the regulatory and contractual provisions that actually apply to you. Use this book to: - Fill gaps in your policies and procedures left by generic frameworks such as ISO 17799 - Eliminate redundant, conflicting, and underperforming IT policies and procedures - Measure the results of your policies in terms of actual legal and business requirements -- not just generic frameworks or recommended practices

Contents

Defining your compliance framework: What it means to comply with authority documents such as regulations, standards, guidelines, contracts. List of major IT control frameworks.

Building your compliance framework: Determining which authority documents do and don't apply to your organization. Bringing in stakeholders and documenting your processes. Determining your current level of compliance with each applicable authority document. Determining and documenting processes and roles. Process review and approval. Measuring success.

Regulatory and industry guidelines on IT compliance: Key rules and steps for creating IT controls, as mandated by major authority documents.

Products and services for managing policies and procedures: Available forms, samples, and templates for policies and procedures. Sample compliance framework for assessing the status of your compliance controls. Reviews of policy and procedure management software.