IS4550

Security Policies and Implementation

Unit 9 (August 12, 2016)
Implementing and Maintaining an IT Security Policy Framework

Learning Objective
  • Describe different issues related to implementing and enforcing ISS policies.
Key Concepts
  • Organizational implementation issues for ISS policies
  • Hindrances to the dissemination of policies, and policy monitoring and enforcement strategy
  • Policy enforcement as it relates to compliance laws
  • Differences between public and private IT security policy implementations
  • Legal implications of ISS policy enforcement 
Reading
  • Johnson and Merkow, Chapter 13: IT Security Policy Implementations.
  • Johnson and Merkow, Chapter 14: IT Security Policy Enforcement.
  • NIST: Special Publication 800-171
Keywords
  • Implementation Issues
  • Dissemination of Policies
  • Security Policy Enforcement
  • Enforcement Strategies
  • Policy Monitoring
  • Technical Hindrances
  • Nontechnical Hindrances
  • Compliance Laws
  • Executive Management Support/Sponsorship
  • Compliance Committee
  • Operational Risk Committee
  • Automated Security Controls
  • Organizational Challenges
  • Organizational Cultural Change
Assignments and Study Materials
  • Unit 9 Lecture Slides
  • Unit 9 Discussion 9.1: Information Dissemination—How to Educate Employees
  • Unit 9 Lab 9.2: Assess and Audit an Existing IT Security Policy Framework Definition
  • Unit 9 Assignment 9.3: Policy Monitoring and Enforcement Strategy
Questions and Feedback
Use the form below to ask questions or provide feedback about the concepts covered during Unit 9's session of class:
