Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Introduction
- Overview of Security Policy Management
- Exploring the objectives and benefits of IT security policies
- The lifecycle and stages of Security Policy Management
Initiating a Security Policy Program
- Establishing a dedicated security policy team
- Assessing organizational needs and business risks
- Understanding the organization's legal requirements
- Evaluating existing security software and tools
- Addressing the various levels of the organization
- Selecting the most suitable Security Policy Management software
Designing a Comprehensive Security Policy Program
- Core objectives of a Security Policy: Confidentiality, Integrity, Availability
- Creating a checklist for policy development and implementation
- Defining the objectives, scope, and goals of a Security Policy
- Establishing consequences for non-compliance
- Aligning Security Policies with industry regulations such as PCI DSS, HIPAA, SOX, GLBA, GDPR, etc.
Case Study: Adhering to Industry Regulations
- Financial, health, and other government-regulated sectors
- The importance of centralized forms and templates
Implementing Security Policies
- Addressing critical IT areas: hardware, software, network, data, and users
- Enforcing rules and procedures for accessing IT assets and resources
- Delegating security roles and responsibilities
- Restricting user access
- Maintaining distinct policies for different organizational departments
- Reading, accepting, and signing the Security Policy
- Distinguishing between Privacy Policy and Public Facing Policy
Communicating Security Policies
- Designing learning materials for Security Policy
- Disseminating Security Policy information to employees and management
- Conducting security training and workshops
- Updating and adapting the Security Policy
- Fostering a 'Security Culture' within the organization
Contingency Planning
- Responding to security attacks and failures
- Establishing maintenance and recovery strategies
- Responding to litigation 'attacks'
Performing Security Testing and Review
- Conducting scheduled reviews (yearly, bi-annually, etc.)
- Performing a formal audit
- Decommissioning obsolete hardware, software, data, and processes
- Removing obsolete or redundant security policies
- Obtaining Security Policy Management certification
Summary and Conclusion
Requirements
- A fundamental understanding of IT security and asset management
- Experience in developing and implementing security policies
Audience
- IT administrators
- Security coordinators
- Compliance managers
35 Hours
Testimonials (3)
The trainer was helpful..
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
The report and rules setup.
Jack - CFNOC- DND
Course - Micro Focus ArcSight ESM Advanced
Speed of response and communication
