Information Security Policies, Procedures, and FundamentalsCST 150W
Prerequisite: READING LEVEL 3 and WRITING LEVEL 3. Covers terminology; security systems development and implementation; and legal, ethical, and professional issues. Provides knowledge and experience to develop and maintain security policies and procedures. (30-15)
Outcomes and Objectives
Describe characteristics and components of information systems security policy management.
- Describe what is information systems security.
- Describe what is information assurance.
- Understand why information system security policies are important.
- Understand why enforcing and winning acceptance for policies is challenging.
Describe business drivers for information security policies.
- Discuss maintaining compliance.
- Describe mitigating risk exposure.
- Describe minimizing liability of the organization.
- Discuss implementing policies to drive operational consistency.
Discuss U.S. compliance laws and information security policy requirements.
- Describe how these laws came about.
- Discuss who the laws protect.
- Describe aligning security policies and self-regulation.
- Discuss industry leading standards.
Discuss information security policy implementation issues.
- Discuss human nature in the workplace.
- Discuss the importance of executive management support.
- Describe the role of human resources.
- Describe policy roles, responsibility, and accountability.
Discuss how to design, implement, and update IT security policies.
- Discuss policies and standards design considerations.
- Describe considerations for implementing policies and standards.
- Describe maintaining your policies and standards library.
- Discuss best practices for policies and standards maintenance.
Describe IT infrastructure security policies.
- Discuss the anatomy of an infrastructure policy.
- Describe workstation domain policies.
- Discuss best practices for IT infrastructure security policies.
- Discuss case studies and examples of IT infrastructure security policies.
- Describe Incident Response Team (IRT) Policies.
Discuss IT security policy implementation and policy enforcement.
- Describe the implementation issues for IT security policies.
- Discuss security awareness policy implementations.
- Describe implementation dissemination.
- Discuss overcoming technical hindrances.