
Information Protection Playbook
Description
Key Features
- Emphasizes information protection guidelines that are driven by business objectives, laws, regulations, and industry standards
- Draws from successful practices in global organizations, benchmarking, advice from a variety of subject-matter experts, and feedback from the organizations involved with the Security Executive Council
- Includes 11 appendices full of the sample checklists, matrices, and forms that are discussed in the book
Readership
Mid- to upper-level security and information technology managers; security and information technology practitioners; students enrolled in two- and four-year college programs for security or computer science
Table of Contents
Acknowledgments
Executive Summary
What is a Playbook?
About the Information Protection Playbook
IP Program
Introduction
Assumptions
IP Strategy
Chapter 1. Information Protection Function One: Governance
Implementation One: Strategic Management
Implementation Two: Reporting and Communication
Implementation Three: Policies
Implementation Four: Regulations and Compliance Management
Implementation Five: Roles and Responsibilities
Implementation Six: Procedures and Guidelines
Implementation Seven: Portfolio Management
Governance Improvement
Additional Information
Chapter 2. Information Protection Function Two: Program Planning
Baselines, Standards, Procedures, and Guidelines
Accountability and Resources
Metrics
For More Information
Chapter 3. Information Protection Function Three: Risk Management
Risk Assessment
Risk Communication Procedure
Risk Management Methodologies
For More Information
Chapter 4. Information Protection Function Four: Incident Response Management
Process
Plans, Exercises, Activation, Documentation, and Improvement
For More Information
Chapter 5. Information Protection Function Five: Program Administration
Compliance
Metrics
Change Management
Awareness
Key Points
For More Information
Appendix A. Playbook Summary
What’s Here
How to Use This Appendix
Summary
Appendix B. Board of Directors Presentation
What’s Here
How to Use This Appendix
Example Presentation
Appendix C. Information Protection Policies Checklist
What’s Here
How to Use This Appendix
Example Policy Documents
Example Data Classification Policy Elements
Appendix D. An Example Roles and Responsibilities RACI Matrix
What’s Here
How to Use This Appendix
Example RACI Matrix
Appendix E. Risk Prioritization Procedure Matrix
What’s Here
How to Use This Appendix
Risk Prioritization Matrix
Appendix F. Security Awareness and Training Menu
What’s Here
How to Use This Appendix
Security Awareness and Training Delivery Methods
Security Awareness and Training Menu
Appendix G. Risk Assessment and Compliance Checklist
What’s Here
How to Use This Appendix
Risk Assessment and Compliance Checklist
Appendix H. Incident Response
What’s Here
How to Use This Appendix
Incident Response Planning
Incident Reaction
Appendix I. Facility Management Self-Assessment
What’s Here
How to Use This Appendix
Self-assessment Questionnaire
Appendix J. Roles in Information Protection
What’s Here
How to Use This Appendix
Example Positions
Appendix K. Measurement in Information Protection
What’s Here
How to Use This Appendix
Initial Measurement Program
Evolutionary Process Improvement
Additional Resources
References
About the Contributing Editors
About Elsevier’s Security Executive Council Risk Management Portfolio
Product details
- No. of pages: 128
- Language: English
- Copyright: © Elsevier 2013
- Published: September 17, 2013
- Imprint: Elsevier
- Paperback ISBN: 9780124172326
- eBook ISBN: 9780124172425
About the Editors
Greg Kane

Lorna Koppel

Her key responsibilities at Iron Mountain include overseeing IS governance, including global policies, standards, and the technology architecture strategy; assessing and managing IS compliance and assurance needs for Iron Mountain’s customers; and overseeing the Computer Incident Response Center, technology risk assessments, and risk management processes.
Lorna has an extensive background in IS with over 20 years of experience in security and systems administration, risk analysis, and the implementation of high-profile global strategic initiatives. Throughout her career, she has worked closely with senior leaders and cross-functional teams to develop and execute strategic and tactical security programs, as well as develop strategies to address regulatory compliance mandates and other security-related requirements.
Prior to joining Iron Mountain, Lorna was the CISO for global consumer goods manufacturer Kohler, and director of global security at network service provider BT/Infonet Services Corp. She began her career as a meteorologist with the US Air Force and has degrees from Bowling Green State University, Penn State, and the State University of New York at Albany.
In November 2010 Lorna was recognized as one of the industry’s “Most Influential People in Security” in the information technology/cyber security practitioners category by Security magazine.