Topics covered in this course include: Threats to Enterprise Security; An Overview of Enterprise I.T. Threat Responses; Common Enterprise Security Issues; Specialized Enterprise Security Issues; Security Policies; Security Standards and Procedures; Security in System Development; Operational Security Management; Introduction to Business Continuity and Disaster Recovery; Preparing for I.T. Continuity; Managing Disaster Recovery; Managing Quality and Security Risk in System Development.
Intended learning outcomes
Knowledge & understanding
Understand the basic elements of information security policies as well as the lifecycle of policy development
Understand the difference between policies, procedures, standards and guidelines
Understand the relationship between risk, threats, vulnerabilities and countermeasures
Understand risk mitigation strategies and disaster recovery plans
Mental skills
Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs
Able to use critical thinking skills as they go through the material rather than accepting facts at face value
Able to critique a security policy for its effectiveness and completeness
Practical & professional skills
Students will complete an activity that involves developing a security plan based on risk assessment
Students will complete activities that involve identifying example policies and procedures related to physical security measures and personnel security practices and procedures
Students will complete activities that involve creating Group Policy Objects using Active Directory Server
Generic and transferable skills
Enhance teamwork skills by collaborating with other professionals on developing comprehensive solutions for protecting organizational data and systems.
Strengthen critical thinking skills by learning how to analyze potential threats to an organization’s data and systems and develop appropriate countermeasures based on risk assessment techniques.
Improve organizational skills by learning how to create, implement, and maintain effective information security policies that are tailored to an organization’s specific needs while taking into account legal requirements, ethical considerations, and budget constraints.
Enhance communication skills by learning how to effectively explain complex technical concepts related to information security policies in a clear and concise manner that is accessible to non-technical audiences.
Teaching and learning methods
Lectures.
Tutorials.
Problem-based learning.
Mini-projects.
Methods of assessments
Midterm exam 1 = 25
Midterm exam 2 = 15
Mini-Project = 10
Final exam = 50
Course contents
Introduction to Information Security Policies
Security Policy Standards and Procedures
Information Classification and Privacy Policies
Security Policy Development Life Cycle
Network Security and Email Policies
Encryption and Key Management Policy
Legal and Regulatory Issues (Sarbanes-Oxley, HIPAA, FDA)
Security Policy: Audit and Compliance
Acceptable Use Policies and Training/Awareness
Security Policy: Enforcement and Effectiveness
Theoretical foundations and concepts of Risk, Risk Management, Risk Assessment, & Risk Mitigation