This course will focus on factors feeding into the creation of organizational security policies. You'll develop an understanding of proper functions, and how to design your own security policies within business and regulatory requirements.
Without IT security policies, organizations have no framework that defines the proper and safe use of IT systems and data. In this course, Designing and Implementing Security Policies, you'll be exposed to security standards bodies, and how to create security policies based on recommendations from these standards bodies. First, you'll learn examples of implementing security settings based on security policy documentation. Next, you'll learn how to determine the finer details of security policies, including the use of specific security controls and the consequences of policy non-compliance. Finally, you'll gain insight on how technical controls can be interpreted and then implemented for policy compliance. By the end of this course, you'll have an understanding of how policy documents are laid out, and how to design and implement security policies within business and regulatory requirements.
Daniel Lachance, CompTIA Security+™, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams.
Hi everyone, my name is Dan Lachance and welcome to my course, Designing and Implementing Security Policies.
The protection of personnel and digital assets consists of a variety of security controls including user behavior, all driven by organizational security policies. Policies, in turn, are documents laid out in a specific format, and they are influenced by factors such as best security practices, past lessons learned and regulatory compliance.
Awareness of how laws, regulations, and security standards bodies apply to the organization shapes policies such as how users store sensitive data or acceptable email usage. Enterprises can centrally enforce compliance on managed devices and monitor any deviations over time. The policies themselves need to be revisited periodically to ensure they continue to remain effective.
Some of the major topics that we will cover include:
Identifying Security Standards Bodies
Designing Security Policies
Implementing Security Policies
By the end this course you’ll understand how security policy documents are laid out and how to determine what the document’s finer details will include, such as the use of specific security controls and consequences of policy non-compliance.
You will also gain insight as to how technical controls can be interpreted and implemented for policy compliance.
I hope you’ll join me to learn about the creation and implementation of security policies withinthe Designing and Implementing Security Policies course, here at Pluralsight.