I had the great privilege and pleasure to work with Dorian Cougias, an award-winning author and information security practitioner, Marcelo Halpern, an internationally acclaimed lawyer, and Karsten Koop, also an award-winning author and highly experienced IT auditor, to co-author our newly released book, “Say What You Do.”
The full title is “Say What You Do: Building a framework of IT controls, policies, standards, and procedures,” and the book is now available through the saywhatyoudo website, or at any other bookstore of your choosing, such as Amazon.
I’m really excited about this book and the help I know it will provide to information security and privacy professionals. It is described as “the definitive guide to process documentation.” My co-authors are brilliant at being able to communicate difficult concepts and explain things clearly. And the book is easy to read and understand, and entertaining to boot!
Creating effective information security and privacy policies, procedures and standards is an activity most organizations struggle with, and one that most of the practitioners I know either hate to do or just don’t have time to do in the most effective manner. “Say What You Do” walks the reader through all of the steps necessary for creating a risk-based, compliance-driven information controls framework, policies, standards, and procedures. Included are techniques for solid writing, editing, and policy, standard, and procedure dissemination. Plus, a ton of examples, forms and tools.
If you are going to the RSA conference next week, please stop by the NetIQ booth; they like our new book so much they have purchased 100 copies that they are giving away there. Plus, Dorian Cougias will be there signing them, so you can meet him and let him know your feedback directly.
Please take a look and let me know what you think! 🙂