Effective security managers must understand how to develop security policies that will be supported by executive management and adopted by all employees. This course examines the steps required in policy development including password protection, acceptable use of organization information technology assets, risk acceptance, identification of internal and external threats, countermeasures, intellectual property, proprietary information and privacy issues, compliance reporting, and escalation procedures. Related topics such as access controls, security standards, and policy implementation are covered.
- Demonstrate an understanding in writing cyber security policy documents and how to mitigate security risks appropriately.
- Understand the cybersecurity threat landscape as it pertains to both U.S. government and private industry
- Identify and document the various types of cyber attacks that threaten both U.S. government and private industry information technology enterprises
- Assess options for mitigating risks after a cyber attack has occurred.
- Write cyber security policy documents that demonstrate an understanding of how to mitigate security risks appropriately
- Develop an appreciation for the importance of policy implementation and enforcement