IS4550

Security Policies and Implementation

Unit 4 (July 8, 2016)
Information Systems Security Policy Framework

Learning Objective
  • Describe the different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of a security policy framework.
Key Concepts
  • Different methods and best practices for approaching a security policy framework
  • Importance of defining roles, responsibilities, and accountability for personnel
  • Separation of duties (SOD)
  • Importance of governance and compliance
Reading
  • KimJohnson and Merkow, Chapter 8: IT Security Policy Framework Approaches.
  • http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf.
Keywords
  • Policy Framework Approaches
  • Personnel Accountability and Responsibilities
  • Information Systems Security (ISS) Policies
  • Security Policy Framework
  • Risk Assessment
  • Information Technology (IT) Security Controls
  • Separation of Duties (SOD)
  • Layered Security Approaches
Assignments and Study Materials
  • Unit 4 Lecture Slides
  • Unit 4 Discussion 4.1: Separation of Duties (SOD)
  • Unit 4 Lab 4.2: Craft a Layered Security Management Policy - Separation of Duties
  • Unit 4 Assignment 4.3: Security Policy Creation
Questions and Feedback
Use the form below to ask questions or provide feedback about the concepts covered during Unit 4's session of class:
