Network Security Policy
How to develop and implement the advanced information security technologies & strategies your organization needs to survive.
During this three-day interactive course, you'll develop Advanced Information Security Policy strategies and requirement guidelines. You'll get hands-on experience with the software that helps turn strategies into reality. You'll examine today's most important protection, detection, and reaction issues — and uncover the techniques that are the perfect match for both your technology and your people. You'll impact the bottom line with expert ROI analysis. And you'll learn what to do… and what to avoid… to make sure everyone from management to staff is on board and an active participant.
The result? Advanced security policies that are custom-tailored to your organization's needs — and fleshed out with everything from a management approval process to implementation manuals.
Key topics:
• Determining your organization's needs
• ROI and policies
• Applying development principles
• The management approval process
• Creating manuals for implementation
• Commercial applications for security plans
• Maintaining security awareness and compliance
Who should attend:
CIOs with responsibility over information security, Network Administrators, Information Security Architects, Auditors, Consultants, and all others seeking to plan, implement, and manage an advanced information security policy program
Course agenda:
Phase I — Establishing the Basics
What you'll need to know, and the organizational needs and practices you'll need to consider, when developing your overall security strategy.
• Defining policies, standards, and procedures
• Managing an information security program
• Determining organizational needs
• Government and commercial publications available
• Organizing the process
• Creating workable information security policies
• ROI and policies
• Baseline assessments
Phase II — Beyond the Basics: Real Life
After mastering the basics of creating an information security policy, what comes next? Translating theory and strategy into workable programs, procedures, and standards that can stand up to the constantly changing demands of the real world.
• Policies, procedures, and standards in a changing environment
• Creating the Security Policies and Procedures Manual (SPPM)
• Creating the Security Administrator Manual (SAM) requirements outline
• Applying the principles: creating policy teams, writing and testing the policies, standards, and procedures
• Management approval process
Phase III — Advanced Awareness Programs
Even the best-laid information security policy isn't worth the paper it's printed on if no one pays attention to it. Learn how to ensure your policies are implemented from top to bottom, throughout your organization.
• Awareness, training, and the difference between them
• Getting the word out
• Changing behavior
• Finding allies
• Monitoring and maintaining the program
In-Class Exercises
Special explorations designed to give you hands-on experience with the information security tools you'll need to achieve your goals.
• Defining the enterprise environment
• Determining organizational policy needs
• Creating organizational policies
• Security policies, standards, and procedures in a changing environment
• Developing an Advanced Awareness Program
