Course Outline


  • Overview of Security Policy Management
  • Exploring objectives and benefits of IT security policies
  • The lifecycle and stages of Security Policy Management

Initiating a Security Policy Program

  • Establishing a security policy team
  • Assessing organizational needs and business risks
  • Understanding an organization's legal requirements
  • Evaluating existing security software and tools
  • Addressing the different levels of the organization
  • Choosing the most appropriate Security Policy Management software

Designing a Comprehensive Security Policy Program

  • Core objectives of a Security Policy: Confidentiality, Integrity, Availability
  • Creating a policy development and implementation checklist
  • Defining the objectives, scope, and goals of a Security Policy
  • Establishing consequences for not following the rules
  • Tying a Security Policy to industry regulations such as PCI DSS, HIPAA, SOX, GLBA, GDPR, etc.

Case Study: Adhering to Industry Regulations

  • Financial, health and other government-regulated fields
  • The importance of centralized forms and templates

Implementing Security Policies

  • Addressing the critical areas of IT: hardware, software, network, data, and users
  • Enforcing the rules and procedures for accessing IT assets and resources
  • Delegating security roles and duties
  • Restricting user access
  • Maintaining separate policies for different departments within an organization
  • Reading, accepting, and signing the Security Policy
  • Distinguishing between Privacy Policy and Public Facing Policy

Communicating Security Policies

  • Designing Security Policy learning materials
  • Disseminating Security Policy information to employees and management
  • Carrying out security training and workshops
  • Updating and adapting the Security Policy
  • Cultivating a "Security Culture" within an organization

Contingency Planning

  • Responding to security attacks and failures
  • Establishing maintenance and recovery strategies
  • Responding to litigation "attacks"

Performing Security Testing and Review

  • Performing scheduled reviews (yearly, bi-annually, etc.)
  • Performing a formal audit
  • Decommissioning obsolete hardware, software, data and processes
  • Removing obsolete or redundant security policies
  • Obtaining Security Policy Management certification

Summary and Conclusion


Requirements

  • A general understanding of IT security and asset management
  • Experience with security policy development and implementation

Audience

  • IT administrators
  • Security coordinators
  • Compliance managers

Duration: 35 Hours

