In this course, students examine the roles of security policies, standards and procedures in addressing business and technical security risks. Students explore the types of policies that are part of an overall security strategy. Policies are discussed that drive computer security, including discretionary access control, mandatory access control, and role-based access control types of policies, and how these are used in organizations. Students develop policies and deployment plans as part of the comprehensive strategic plan for the enterprise.
Upon completion of the course, students are expected to be able to do the following:
- Develop high-level security policies that directly support the mission, vision, and direction of an organization.
- Develop issue-specific policies to control use of resources, assets, and activities to support the organization’s goals and objectives.
- Develop system-specific policies that express technical details for the implementation, configuration, and management of the system that includes configuration rules and access control.
- Develop, document, and implement security policy, standards, procedures, and guidelines.
- Create security procedures and administration controls for the enterprise.
- Evaluate physical and logical access to assets such as information, systems, devices, and facilities.
- Manage identification, authentication, and authorization of people, devices, and services.