This course discusses how to implement security policies to support organizational goals. It provides students with an introduction to information security policies, discuss the entire lifecycle of policy creation and enactment and presents students with issue specific policies in different domains of security. The course also discusses disaster recovery methodologies for identifying, quantifying, mitigating, and controlling security risks. Students learn to write IT risk management plans, standards, and procedures that identify alternate sites for processing mission-critical applications, and techniques to recover infrastructure, systems, networks, data, and user access
Intended learning outcomes
Knowledge &understand
Understand the basic elements of information security policies as well as the lifecycle of policy development
Understand the difference between policies, procedures, standards and guidelines.
Understand the relationship between risk, threats, vulnerabilities and countermeasures
Understand risk mitigation strategies and disaster recovery plans.
mental skills
Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs.
Able to use critical thinking skills as they go through the material rather than accepting facts at face value
Able to Critique a security policy for its effectiveness and completeness
Practical & professional skills
Students will complete an activity that involves developing a security plan based on risk assessment.
Risk management, system life cycle management, contingency planning and disaster recovery.
Students will complete activities that involve identifying example policy and procedures related to physical security measures, personnel security practices and procedures.
Students will complete activities that involve creating Group Policy Objects using Active Directory Server.
