Book Review: IT Policies

​Information Security Policies, Procedures, and Standards: A Practitioner's Reference. By Douglas J. Landoll. Auerbach Publications; crcpress.com; 240 pages; $72.95.​

Business owners and boards of directors say cyberattacks and network penetrations are among their largest concerns and cause them to lose sleep at night. While no policy can stop a hacker from trying to break an organization’s network, the right policies and procedures can make it much harder for the hacker to be successful. 

Information Security Policies, Procedures, and Standards: A Practitioner's Reference provides vital information to help you set your organization up for success. While the book is a quick read, the author did not skip over any vital information. Both seasoned security professionals and novices in the industry will find this book useful. Its logical format and design make it a great tool for quick reference. The book is packed full of examples, making it easier for the reader to understand how the theories brought forward in the text translate into real-world applications. 

Practitioners outside of the information security industry could also derive value from the book because the author explains the differences between policies, procedures, and the like, showing the relationship each has with the other, the level of support recommended, as well as recommended verbiage for each. Practitioners building their programs from the ground up will find this book extremely useful as it prompts the reader to consider many aspects of program documentation in regard to policies, procedures, and standards. 

Reviewer: Danté I. Moriconi, CPP, PCI, PSP, CFE (Certified Fraud Examiner), is physical security manager for L-3 Communication Systems-West. He is a member of the ASIS Salt Lake Chapter.