This is a complete, up-to-date, hands-on guide to creating effective information security policies and procedures. It introduces essential security policy concepts and their rationale, thoroughly covers information security regulations and frameworks, and presents best-practice policies specific to industry sectors, including finance, healthcare and small business. Ideal for classroom use, it covers all facets of Security Education, Training & Awareness (SETA), illuminates key concepts through real-life examples.