CST 150W - Information Security Policies, Procedures, and Fundamentals

1. Describe characteristics and components of information systems security policy management.
   1. Describe what is information systems security.
   2. Describe what is information assurance.
   3. Understand why information system security policies are important.
   4. Understand why enforcing and winning acceptance for policies is challenging.
2. Describe business drivers for information security policies.
   1. Discuss maintaining compliance.
   2. Describe mitigating risk exposure.
   3. Describe minimizing liability of the organization.
   4. Discuss implementing policies to drive operational consistency.
3. Discuss U.S. compliance laws and information security policy requirements.
   1. Describe how these laws came about.
   2. Discuss who the laws protect.
   3. Describe aligning security policies and self-regulation.
   4. Discuss industry leading standards.
4. Discuss information security policy implementation issues.
   1. Discuss human nature in the workplace.
   2. Discuss the importance of executive management support.
   3. Describe the role of human resources.
   4. Describe policy roles, responsibility, and accountability.
5. Discuss how to design, implement, and update IT security policies.
   1. Discuss policies and standards design considerations.
   2. Describe considerations for implementing policies and standards.
   3. Describe maintaining your policies and standards library.
   4. Discuss best practices for policies and standards maintenance.
6. Describe IT infrastructure security policies.
   1. Discuss the anatomy of an infrastructure policy.
   2. Describe workstation domain policies.
   3. Discuss best practices for IT infrastructure security policies.
   4. Discuss case studies and examples of IT infrastructure security policies.
   5. Describe Incident Response Team (IRT) Policies.
7. Discuss IT security policy implementation and policy enforcement.
   1. Describe the implementation issues for IT security policies.
   2. Discuss security awareness policy implementations.
   3. Describe implementation dissemination.
   4. Discuss overcoming technical hindrances.