Information Security Policies, Procedures, and Fundamentals

CST 150W

Course Description

Prerequisite: READING LEVEL 3 and WRITING LEVEL 3. Covers terminology; security systems development and implementation; and legal, ethical, and professional issues. Provides knowledge and experience to develop and maintain security policies and procedures. (30-15)

Outcomes and Objectives

Describe characteristics and components of information systems security policy management.

Objectives:

  • Describe what information systems security is.
  • Describe what information assurance is.
  • Understand why information system security policies are important.
  • Understand why enforcing and winning acceptance for policies is challenging.

Describe business drivers for information security policies.

Objectives:

  • Discuss maintaining compliance.
  • Describe mitigating risk exposure.
  • Describe minimizing liability of the organization.
  • Discuss implementing policies to drive operational consistency.

Discuss U.S. compliance laws and information security policy requirements.

Objectives:

  • Describe how these laws came about.
  • Discuss who the laws protect.
  • Describe aligning security policies and self-regulation.
  • Discuss industry-leading standards.

Discuss information security policy implementation issues.

Objectives:

  • Discuss human nature in the workplace.
  • Discuss the importance of executive management support.
  • Describe the role of human resources.
  • Describe policy roles, responsibility, and accountability.

Discuss how to design, implement, and update IT security policies.

Objectives:

  • Discuss policies and standards design considerations.
  • Describe considerations for implementing policies and standards.
  • Describe maintaining your policies and standards library.
  • Discuss best practices for policies and standards maintenance.

Describe IT infrastructure security policies.

Objectives:

  • Discuss the anatomy of an infrastructure policy.
  • Describe workstation domain policies.
  • Discuss best practices for IT infrastructure security policies.
  • Discuss case studies and examples of IT infrastructure security policies.
  • Describe Incident Response Team (IRT) policies.

Discuss IT security policy implementation and policy enforcement.

Objectives:

  • Describe the implementation issues for IT security policies.
  • Discuss security awareness policy implementations.
  • Describe implementation dissemination.
  • Discuss overcoming technical hindrances.