This course provides students with an introduction to information security policies. The course discusses the entire lifecycle of policy creation and enactment and presents students with issue-specific policies in different domains of security. The structure of a policy is also discussed to assist students in the design and modification of policies. Several examples from different domains are incorporated to help students learn in the context of real-life situations.
The topics covered by this course include: General Overview of Policies; Policy Lifecycle and Writing Security Policies; Information Classification and Privacy Policies; Network Security and Email Policies; Application, Operating System and Software Security Policy; Encryption and Key Management Policy; Security Policy: Audit and Compliance; Acceptable Use Policies and Training/Awareness; Security Policy: Enforcement and Effectiveness.
Intended learning outcomes
Knowledge & understanding
Understand the basic elements of information security policies as well as the lifecycle of policy development
Understand the difference between policies, procedures, standards and guidelines
Understand the relationship between risk, threats, vulnerabilities and countermeasures
Understand risk mitigation strategies and disaster recovery plans
Mental skills
Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs
Be able to use critical thinking skills while working through the material rather than accepting facts at face value
Be able to critique a security policy for its effectiveness and completeness
Practical & professional skills
Students will complete an activity that involves developing a security plan based on risk assessment
Students will complete activities that involve identifying example policy and procedures related to physical security measures, personnel security practice and procedures
Students will complete activities that involve creating Group Policy Objects using Active Directory Server
General and transferable skills
Enhance teamwork skills by collaborating with other professionals on developing comprehensive solutions for protecting organizational data and systems.
Strengthen critical thinking skills by learning how to analyze potential threats to an organization’s data and systems and develop appropriate countermeasures based on risk assessment techniques.
Improve organizational skills by learning how to create, implement, and maintain effective information security policies that are tailored to an organization’s specific needs while taking into account legal requirements, ethical considerations, and budget constraints.
Enhance communication skills by learning how to effectively explain complex technical concepts related to information security policies in a clear and concise manner that is accessible to non-technical audiences.
Teaching and learning methods
Lectures
Tutorials
Problem-based learning
Mini-projects
Methods of assessment
Midterm exam 1 = 25
Midterm exam 2 = 15
Mini-Project = 10
Final exam = 50
Course contents
Introduction to Information Security policies.
Security Policy Standards and Procedures
Information Classification and Privacy Policies
Security Policy Development Life Cycle
Network Security and Email Policies
Encryption and Key Management Policy
Legal and Regulatory Issues (Sarbanes-Oxley, HIPAA, FDA)
Security Policy: Audit and Compliance
Acceptable Use Policies and Training/Awareness
Security Policy: Enforcement and Effectiveness
Theoretical foundations and concepts of Risk, Risk Management, Risk Assessment, and Risk Mitigation