Evan Anderson
IS4550
Security Policies and Implementation
Unit 5 (July 15, 2016)
User Policies
Learning Objective
- Describe the different ISS policies associated with the User Domain.
Key Concepts
- Reasons for governing users with policies
- Regular and privileged users
- Acceptable use policy (AUP) and privileged-level access agreement (PAA)
- Security awareness policy (SAP)
- Differences between public and private User Domain policies
Reading
- Johnson and Merkow, Chapter 9: User Domain Policies.
- NIST: Special Publication 800-171
- SC Magazine: Ultrasound theft results in data breach at health care company Kaiser Permanente
- SC Magazine: Second Circuit rules in favor of Microsoft, government can't force access to email on Irish server
- SC Magazine: Federal judge rules StingRay use without a warrant violates Fourth Amendment
- Office of Budget and Management: Federal Cybersecurity Workforce Strategy
Keywords
- Acceptable Use Policy (AUP)
- Privileged-Level Access Agreement (PAA)
- Security Awareness Policy (SAP)
- User Domain Policies
- Governance, Risk Management, and Compliance (GRC)
- Enterprise Risk Management (ERM)
- Separation of Duties (SOD)
Assignments and Study Materials
- Unit 5 Lecture Slides
- Unit 5 Discussion 5.1: Best Practices for User Policies
- Unit 5 Lab 5.2: Craft an Organization-Wide Security Awareness Policy
- Unit 5 Assignment 5.3: Create User Policy
- In-Class Exercise: OCAI-Worksheet (Excel Spreadsheet)