Course Outline

Introduction

  • Overview of Security Policy Management
  • Exploring objectives and benefits of IT security policies
  • The lifecycle and stages of Security Policy Management

Initiating a Security Policy Program

  • Establishing a security policy team
  • Assessing organizational needs and business risks
  • Understanding an organization's legal requirements
  • Evaluating existing security software and tools
  • Addressing the different levels of the organization
  • Choosing the most appropriate Security Policy Management software

Designing a Comprehensive Security Policy Program

  • Core objectives of a Security Policy: Confidentiality, Integrity, Availability
  • Creating a policy development and implementation checklist
  • Defining the objectives, scope, and goals of a Security Policy
  • Establishing consequences for non-compliance with the policy
  • Tying a Security Policy to industry regulations such as PCI DSS, HIPAA, SOX, GLBA and GDPR

Case Study: Adhering to Industry Regulations

  • Financial, healthcare and other government-regulated fields
  • The importance of centralized forms and templates

Implementing Security Policies

  • Addressing the critical areas of IT: hardware, software, network, data, and users
  • Enforcing the rules and procedures for accessing IT assets and resources
  • Delegating security roles and duties
  • Restricting user access
  • Maintaining separate policies for different departments within an organization
  • Reading, accepting, and signing the Security Policy
  • Distinguishing between Privacy Policy and Public Facing Policy

Communicating Security Policies

  • Designing Security Policy learning materials
  • Disseminating Security Policy information to employees and management
  • Carrying out security training and workshops
  • Updating and adapting the Security Policy
  • Cultivating a "Security Culture" within an organization

Contingency Planning

  • Responding to security attacks and failures
  • Establishing maintenance and recovery strategies
  • Responding to litigation "attacks"

Performing Security Testing and Review

  • Performing scheduled reviews (annually, semi-annually, etc.)
  • Performing a formal audit
  • Decommissioning obsolete hardware, software, data and processes
  • Removing obsolete or redundant security policies
  • Obtaining Security Policy Management certification

Summary and Conclusion

Requirements

  • A general understanding of IT security and asset management
  • Experience with security policy development and implementation

Audience

  • IT administrators
  • Security coordinators
  • Compliance managers

Duration: 35 Hours

Dates are subject to availability and take place between 09:30 and 16:30.
Open Training Courses require 5+ participants.
