Course Outline
Introduction
- Overview of Security Policy Management
- Exploring objectives and benefits of IT security policies
- The lifecycle and stages of Security Policy Management
Initiating a Security Policy Program
- Establishing a security policy team
- Assessing organizational needs and business risks
- Understanding an organization's legal requirements
- Evaluating existing security software and tools
- Addressing the different levels of the organization
- Choosing the most appropriate Security Policy Management software
Designing a Comprehensive Security Policy Program
- Core objectives of a Security Policy: Confidentiality, Integrity, Availability
- Creating a policy development and implementation checklist
- Defining the objectives, scope, and goals of a Security Policy
- Establishing consequences for not following the rules
- Tying a Security Policy to industry regulations such as PCI DSS, HIPAA, SOX, GLBA, GDPR, etc.
Case Study: Adhering to Industry Regulations
- Financial, health and other government-regulated fields
- The importance of centralized forms and templates
Implementing Security Policies
- Addressing the critical areas of IT: hardware, software, network, data, and users
- Enforcing the rules and procedures for accessing IT assets and resources
- Delegating security roles and duties
- Restricting user access
- Maintaining separate policies for different departments within an organization
- Reading, accepting, and signing the Security Policy
- Distinguishing between Privacy Policy and Public Facing Policy
Communicating Security Policies
- Designing Security Policy learning materials
- Disseminating Security Policy information to employees and management
- Carrying out security training and workshops
- Updating and adapting the Security Policy
- Cultivating a "Security Culture" within an organization
Contingency Planning
- Responding to security attacks and failures
- Establishing maintenance and recovery strategies
- Responding to litigation "attacks"
Performing Security Testing and Review
- Performing scheduled reviews (yearly, bi-annually, etc.)
- Performing a formal audit
- Decommissioning obsolete hardware, software, data and processes
- Removing obsolete or redundant security policies
- Obtaining Security Policy Management certification
Summary and Conclusion
Requirements
- A general understanding of IT security and asset management
- Experience with security policy development and implementation
Audience
- IT administrators
- Security coordinators
- Compliance managers
Testimonials
I genuinely benefited from the communication skills of the trainer.
Flavio Guerrieri
Loose way of driving
The delivery
- Department for Communities
Depth and breadth of the course. Trainer was excellent also.
- Department for Communities
Examples provided
- Department for Communities
Trainer's vast knowledge
FUJITSU TECHNOLOGY SOLUTIONS SP. Z O.O.