Covers the fundamentals of developing business rationales for information security (assurance) governance. Studies the development and implementation of IT strategies to integrate assurance functions to improve security and ensure the preservation of the organization and its ability to continue to operate. Offers a comprehensive view of information security policies in a business context and the psychology of implementation. Provides insight into governance, privacy, regulator mandates, business incentives, and legal issues.
Learning Objectives
Upon successful completion of the course, students will be able to:
- Identify the role of an information systems security (ISS) policy framework
- Analyze how security policies help mitigate risks and support business
- Identify components and basic requirements for creating a security policy framework
- Identify different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of security policy framework
- Recognize ISS policies associated with the user domain, IT infrastructure, risk management and incident response teams (IRT)
- Analyze social, legal and ethical issues represented by information technology environments
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Risk Management
- Incident Response
- Cybersecurity Management