-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These are not meant to be books for reading or for learning how to develop
policies or apply personnel security programs.  They are built as a series
of objective statements and supporting commentary so that you as a policy
developer can sit down, figure out what areas of security your policy needs
to cover, and use the objective statements as the foundation for coverage. 
The book is very useful as an example tool, but I think that it also makes
it tempting for folks to simply build 'cut and paste' security policies
that have limited value in the applicable environment (policies must be
tailored to meet individual organizational needs; there is no 'one size
fits all').

The reason the books are so expensive?  It is like hiring a consultant in a
bottle...  You are actually getting good value for your money, but only if
you use the information in an appropriate manner.  

I purchased a copy of the ver9 policy book about 4 months ago (though I
already had versions 5 and 6 available to me).  The new version is broken
down into areas of coverage in-line with ISO 17799 and comes with a handy
CD so that you really and truly can just do a cut and paste (of those items
that are applicable) and modify them without too much effort.  

Again, this book is not meant to teach you how to write policy; it is to be
used for sampling.  If you want to learn about policy development, "Writing
Information Security Policies" by Scott Barman isn't too bad...  Though
personally, I have not found a policy book that impresses me yet.  

Hope that helps.  


Thank you for your time and attention,

========================
Brad Bemis
Information Security Services
Airborne Express
(206) 830-3478
========================

> -----Original Message-----
> From: John Smithson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 22, 2003 2:22 PM
> To: [EMAIL PROTECTED]
> Subject: Book Review
> 
> 
> Hello folks,
> 
> I would like to find reviews of the book by Net IQ, "Information Security
> Policies Made Easy, Version 9" (ISBN Number: 1-881585-09-3).  The retail
> cost of the book is $795 (yikes).  Net IQ also has another book,
> "Information Security Roles & Responsibilities Made Easy V1" (ISBN Number:
> 1-881585-08-5).  The retail cost of the book is $495 (another yikes).  Both
> books can be found at:
> 
> http://www.netiq.com/order/category.asp?c=21&PagePath=/order/Publications.asp
> 
> I would like to find out some of your opinions on both of these books
> before making any decision on purchasing. How would you rate these books?
> How is the information provided by these books?
> 
> Thanks,
> 

-----BEGIN PGP SIGNATURE-----

iQA/AwUBPx6oNpDnOfS48mrdEQJ9IACg1rFFYIf0gEXETqt+pC8/NRtoMWsAoM1y
mT1VCXALGmIz0ap9RLOAa77P
=leER
-----END PGP SIGNATURE-----