Course Outline


  • Overview of Security Policy Management
  • Exploring objectives and benefits of IT security policies
  • The lifecycle and stages of Security Policy Management

Initiating a Security Policy Program

  • Establishing a security policy team
  • Assessing organizational needs and business risks
  • Understanding an organization's legal requirements
  • Evaluating existing security software and tools
  • Addressing the different levels of the organization
  • Choosing the most appropriate Security Policy Management software

Designing a Comprehensive Security Policy Program

  • Core objectives of a Security Policy: Confidentiality, Integrity, Availability
  • Creating a policy development and implementation checklist
  • Defining the objectives, scope, and goals of a Security Policy
  • Establishing consequences for not following the rules
  • Tying a Security Policy to industry regulations such as PCI DSS, HIPAA, SOX, GLBA, GDPR, etc.

Case Study: Adhering to Industry Regulations

  • Financial, health and other government-regulated fields
  • The importance of centralized forms and templates

Implementing Security Policies

  • Addressing the critical areas of IT: hardware, software, network, data, and users
  • Enforcing the rules and procedures for accessing IT assets and resources
  • Delegating security roles and duties
  • Restricting user access
  • Maintaining separate policies for different departments within an organization
  • Reading, accepting, and signing the Security Policy
  • Distinguishing between Privacy Policy and Public Facing Policy

Communicating Security Policies

  • Designing Security Policy learning materials
  • Disseminating Security Policy information to employees and management
  • Carrying out security training and workshops
  • Updating and adapting the Security Policy
  • Cultivating a "Security Culture" within an organization

Contingency Planning

  • Responding to security attacks and failures
  • Establishing maintenance and recovery strategies
  • Responding to litigation "attacks"

Performing Security Testing and Review

  • Performing scheduled reviews (yearly, bi-annually, etc.)
  • Performing a formal audit
  • Decommissioning obsolete hardware, software, data and processes
  • Removing obsolete or redundant security policies
  • Obtaining Security Policy Management certification

Summary and Conclusion


  • A general understanding of IT security and asset management
  • Experience with security policy development and implementation


  • IT administrators
  • Security coordinators
  • Compliance managers
  35 Hours


Related Courses

CISA - Certified Information Systems Auditor

  28 hours

Building up information security according to ISO 27005

  21 hours

Open Data Risk Analysis and Management

  21 hours

CISM - Certified Information Security Manager

  28 hours

CISMP - Certificate in Information Security Management Principles

  21 hours

Computer Room Security and Maintenance

  14 hours

Cybersecurity Fundamentals

  28 hours

Honeywell Security System

  14 hours

Network Penetration Testing

  35 hours

Open Authentication (OAuth)

  7 hours

Public Key Infrastructure

  21 hours

Security Management

  14 hours

DevOps Security: Creating a DevOps Security Strategy

  7 hours

NB-IoT for Developers

  7 hours