Evan Anderson
IS4550
Security Policies and Implementation
Unit 10 (August 19, 2016)
Automated Policy Compliance Systems
Learning Objective
- Describe the different issues related to defining, tracking, monitoring, reporting, automating, and organizing compliance systems and emerging technologies.
Key Concepts
- Baseline definition for ISS
- Tracking, monitoring, and reporting for IT security baseline definition and policy compliance
- Automate IT security policy compliance, policy configuration management, and change control management
- Best practices for IT security policy compliance monitoring
- Differences between public and private IT security policy compliance monitoring
Reading
- Johnson and Merkow, Chapter 15: IT Policy Compliance Systems and Emerging Technologies.
- NIST: SpecialPublication 800-171
- SC Magazine: Ransomware as a service business booming and growing
- SC Magazine: Settlement expected for 50M Home Depot customers
Keywords
- Automated Policy Compliance Systems
- Security Baseline
- Automatic Monitoring and Reporting
- Manual Monitoring and Reporting
- Policy Compliance Technologies
- Compliance Monitoring
- Policy Configuration Management
- Change Control Management
Assignments and Study Materials
- Unit 10 Lecture Slides
- Unit 10 Discussion 10.1: Tracking, Monitoring, and Reporting
- Unit 10 Lab 10.2: Align an IT Security Policy Framework to the 7 Domains of a Typical IT Infrastructure
- Unit 10 Assignment 10.3: Automated Policy Compliance Systems (Software Evaluation Criteria spreadsheet)
Questions and Feedback
Use the form below to ask questions or provide feedback about the concepts covered during Unit 10's session of class: