• Classroom
  • Online, Instructor-Led

This course provides an in-depth look at risk factor analysis that must be performed in order to design a flexible and comprehensive security plan. Topics include assessing threats, developing countermeasures, protecting information and security designs processes. Auditing practices used to verify compliance with policies and procedures, as well as for building a case for presentation in private and public settings, are also covered.

Learning Objectives

  1. Given an organization which needs a general security policy, understand what is needed to get a policy implemented and how to gain acceptance for the policy.
  2. Given an organization which needs a general security policy, understand what is needed to create an effective policy.
  3. Given an organization that needs security, be able to appropriately classify the assets that need protecting.
  4. Be able to address personnel security issues in a given organization.
  5. Be able to implement physical and environmental security policies and procedures.
  6. Implement operations security and explain how it impacts information security.
  7. Given an organization requiring security polices, define access control policies for that organization.
  8. Be able to integrate systems development issues into the security plan.
  9. Given a financial institution, be able to address the regulatory requirements for its information security.
  10. Given a health care organization, be able to address the regulatory requirements for its information security.
  11. Given an organization with a critical infrastructure, be able to address the regulatory requirements for its information security.
  12. Given a small business, be able to completely set up security policies for that business.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Training, Education, and Awareness
  • Systems Administration
  • Systems Development
  • Systems Requirements Planning

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.