Description:
This Writing Security Policy course examines how to create a flexible security policy that can change with requirements and maintain its operational health with mechanisms to combat the human weaknesses of the security process.
Delegates will take away working documents that they can apply to their organisation.
These include:
- An executive briefing on best practice security policy
- Their own design for a policy template
- Policies for more than 20 main areas of security that will work in their company
- An implementation plan for their company
Objectives:
To give students knowledge of what is involved in writing security policies, along with examples customised for their own situations.
Target Audience:
Anyone who has a security responsibility within his or her organisation will gain from this course.
Prerequisites:
A basic understanding of information security issues.
Course Synopsis:
Writing Security Policy
ISO 17799 / 27001 and IT Security
Defining a Security Policy
Corporate Information Security Policy
Specific policies including:
- Information classification
- Access control
- Operations
- Incident management
- Physical security
- Human resources
- Third-party access
- Business continuity management
Standards
- Industry best practice
- Experience
- Business drivers
- Internal testing
Procedures
- Incident Reporting
- Incident Management
- User ID addition/removal
- Server backup
Document Structure
- Suggested headings for internal policies
Other Standards
- Sources of Information
Authorisation, Implementation and Operation of Security Policies





