|
Information security policies are a critical element of any organization and are the foundation of its security program. Seccessful security policies are built with the understanding of the organization’s culture and reflect the business’s vision and mission. Without well-written policies, organizations will discover that they have little or no recourse when a security incident occurs.
This course explores the the process of creating security policies, delving into their content and organization. It reviews standards and methodologies and evaluates example policies.
In the workshop you will get hands-on experience developing and reviewing information security policies. You’ll examine your organization’s culture to understand how to evaluate policies which will be accepted and effective in your own company’s environment.
|
|
|
Course Content
|
| Business Objectives Review |
|---|
 | Vision |
| Mission |
| Strategy |
| Tactics |
| Operations |
|
| Security Directives Development |
|---|
| Philosophy |
| Principles |
| Policy |
| Procedures |
| Practices |
|
|
| Getting Executive Involvement |
|---|
| Support and Budget |
| Use and Compliance |
|
| Enterprise Security Policy |
|---|
| Enterprise Risk |
| Human Resources |
| Physical Security |
|
| Security Policy Standards |
|---|
| ISO 17799 |
| GASSP |
|
|
|
