Without IT security policies, organizations have no framework that defines the proper and safe use of IT systems and data. In this course, Designing and Implementing Security Policies, you'll be exposed to security standards bodies, and how to create security policies based on recommendations from these standards bodies. First, you'll learn examples of implementing security settings based on security policy documentation. Next, you'll learn how to determine the finer details of security policies, including the use of specific security controls and the consequences of policy non-compliance. Finally, you'll gain insight on how technical controls can be interpreted and then implemented for policy compliance. By the end of this course, you'll have an understanding of how policy documents are laid out, and how to design and implement security policies within business and regulatory requirements.
Learning Objectives
- Identifying Security Standards and Bodies
- Designing Security Policies
- Implementing Security Policies
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Strategic Planning and Policy
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.