- Applied Labs
- Table of Contents
- Course Objectives
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
Security Policies and Implementation Issues, Second Edition offers a comprehensive, end-to-end view of information security policies and frameworks, from the raw organizational mechanics of building to the psychology of implementation. Written by an industry expert, it presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security, such as governance, regulator mandates, business drivers, legal considerations, and much more, in clear, simple terms. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks.
- Offers a comprehensive, end-to-end view of information security policies and frameworks.
- Addresses the technical knowledge and software skills required for policy implementation.
- Covers governance, regulator mandates, business drivers, legal considerations, and much more.
- Provides an excellent starting point for the creation of an effective IT security policy framework.
Written for IT students and professionals hoping to gain knowledge in security policies and information security systems.
This title is available with a lab manual that allows students to put their classroom skills to work through numerous laboratory exercises.
| Lab | Title |
|---|---|
| Lab #1: | Crafting an Organization-Wide Security Management Policy for Acceptable Use |
| Lab #2: | Developing an Organization-Wide Policy Framework Implementation Plan |
| Lab #3: | Defining an Information Systems Security Policy Framework for an IT Infrastructure |
| Lab #4: | Crafting a Layered Security Management Policy – Separation of Duties |
| Lab #5: | Crafting an Organization-Wide Security Awareness Policy-BIA and Recovery Time |
| Lab #6: | Defining a Remote Access Policy to Support Remote Health Care Clinics |
| Lab #7: | Identifying Necessary Policies for Business Continuity – BIA and Recovery Time Objectives |
| Lab #8: | Crafting a Security or Computer Incident Response Policy – CIRT Response Team |
| Lab #9: | Assessing and Auditing an Existing IT Security Policy Framework Definition |
| Lab #10: | Aligning an IT Security Policy Framework to the Seven Domains of a Typical IT Infrastructure |
| Chapter | Title |
|---|---|
| Part 1: The Need for IT Security Policy Frameworks | |
| Chapter 1: | Information Systems Security Policy Management |
| Chapter 2: | Business Drivers for Information Security Policies |
| Chapter 3: | U.S. Compliance Laws and Information Security Policy Requirements |
| Chapter 4: | Business Challenges Within the Seven Domains of IT Responsibility |
| Chapter 5: | Information Security Policy Implementation Issues |
| Part 2: Types of Policies and Appropriate Frameworks | |
| Chapter 6: | IT Security Policy Frameworks |
| Chapter 7: | How to Design, Organize, Implement, and Maintain IT Security Policies |
| Chapter 8: | IT Security Policy Framework Approaches |
| Chapter 9: | User Domain Policies |
| Chapter 10: | IT Infrastructure Security Policies |
| Chapter 11: | Data Classification and Handling Policies and Risk Management Policies |
| Chapter 12: | Incident Response Team (IRT) Policies |
| Part 3: Implementing and Maintaining an IT Security Policy Framework | |
| Chapter 13: | IT Security Policy Implementations |
| Chapter 14: | IT Security Policy Enforcement |
| Chapter 15: | IT Policy Compliance Systems and Emerging Technologies |
- Identify the role of an information systems security (ISS) policy framework in overcoming business challenges.
- Analyze how security policies help mitigate risks and support business processes in various domains in the information technology (IT) infrastructure.
- Describe the components and basic requirements for creating a security policy framework.
- Describe the different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of a security policy framework.
- Describe the different ISS policies associated with the user domain.
- Describe the different ISS policies associated with the IT infrastructure.
- Describe the different ISS policies associated with risk management.
- Describe the different ISS policies associated with incident response teams (IRT).
- Describe different issues related to implementing and enforcing ISS policies.
- Describe the different issues related to defining, tracking, monitoring, reporting, automating, and configuring compliance systems and emerging technologies.
Instructor Resources include: