Security Policies and Implementation Issues, Second Edition

Rob Johnson
ISBN-13: 978-1-2840-5599-3
Paperback
450 pages
© 2015

PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

Security Policies and Implementation Issues, Second Edition offers a comprehensive, end-to-end view of information security policies and frameworks, from the raw organizational mechanics of building to the psychology of implementation. Written by an industry expert, it presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security, such as governance, regulator mandates, business drivers, legal considerations, and much more, in clear, simple terms. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks.

Key Features

  • Offers a comprehensive, end-to-end view of information security policies and frameworks.
  • Addresses the technical knowledge and software skills required for policy implementation.
  • Covers governance, regulator mandates, business drivers, legal considerations, and much more.
  • Provides an excellent starting point for the creation of an effective IT security policy framework.

Applicable Courses

Written for IT students and professionals hoping to gain knowledge in security policies and information security systems.

This title is available with a lab manual that allows students to put their classroom skills to work through numerous laboratory exercises.

Applied Labs

Lab #1: Crafting an Organization-Wide Security Management Policy for Acceptable Use
Lab #2: Developing an Organization-Wide Policy Framework Implementation Plan
Lab #3: Defining an Information Systems Security Policy Framework for an IT Infrastructure
Lab #4: Crafting a Layered Security Management Policy – Separation of Duties
Lab #5: Crafting an Organization-Wide Security Awareness Policy-BIA and Recovery Time
Lab #6: Defining a Remote Access Policy to Support Remote Health Care Clinics
Lab #7: Identifying Necessary Policies for Business Continuity – BIA and Recovery Time Objectives
Lab #8: Crafting a Security or Computer Incident Response Policy – CIRT Response Team
Lab #9: Assessing and Auditing an Existing IT Security Policy Framework Definition
Lab #10: Aligning an IT Security Policy Framework to the Seven Domains of a Typical IT Infrastructure

Table of Contents

Part 1: The Need for IT Security Policy Frameworks
Chapter 1: Information Systems Security Policy Management
Chapter 2: Business Drivers for Information Security Policies
Chapter 3: U.S. Compliance Laws and Information Security Policy Requirements
Chapter 4: Business Challenges Within the Seven Domains of IT Responsibility
Chapter 5: Information Security Policy Implementation Issues
Part 2: Types of Policies and Appropriate Frameworks
Chapter 6: IT Security Policy Frameworks
Chapter 7: How to Design, Organize, Implement, and Maintain IT Security Policies
Chapter 8: IT Security Policy Framework Approaches
Chapter 9: User Domain Policies
Chapter 10: IT Infrastructure Security Policies
Chapter 11: Data Classification and Handling Policies and Risk Management Policies
Chapter 12: Incident Response Team (IRT) Policies
Part 3: Implementing and Maintaining an IT Security Policy Framework
Chapter 13: IT Security Policy Implementations
Chapter 14: IT Security Policy Enforcement
Chapter 15: IT Policy Compliance Systems and Emerging Technologies

Course Objectives

  1. Identify the role of an information systems security (ISS) policy framework in overcoming business challenges.
  2. Analyze how security policies help mitigate risks and support business processes in various domains in the information technology (IT) infrastructure.
  3. Describe the components and basic requirements for creating a security policy framework.
  4. Describe the different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of a security policy framework.
  5. Describe the different ISS policies associated with the user domain.
  6. Describe the different ISS policies associated with the IT infrastructure.
  7. Describe the different ISS policies associated with risk management.
  8. Describe the different ISS policies associated with incident response teams (IRT).
  9. Describe different issues related to implementing and enforcing ISS policies.
  10. Describe the different issues related to defining, tracking, monitoring, reporting, automating, and configuration of compliance systems and emerging technologies.

Instructor Resources include:

  • PowerPoint Lectures
  • Instructor’s Guide
  • Test and Quiz Items
  • Sample Syllabus
  • Case Scenarios/Handouts
  • Handouts
  • Projects
  • Study Guide
  • Time on Task
  • Content Map