IAS-5540 Policies and Procedures Development and Implementation

Information technology professionals, whether in the public or private sector, must ensure that their information systems comply with privacy and security laws, regulations, directives, and any organizational policies, procedures, and guidelines. This challenge can be a daunting task and confronts both public and private organizations alike. To meet this charge, they develop and implement security policies and procedures that explicitly define the organization's security protocols. Security policies are custom-created, dynamic standards of business conduct. While the best practices of the information security field form the basis of any security policy, each organization has unique requirements that shape policies used to manage security. Students in this course will develop the skills and knowledge needed to access the security posture of an organization and then apply the information gathered during this assessment to inform stakeholders about the challenges inherent to their unique information assurance landscape. They will learn to develop processes and define policies that achieve the targeted level of security for an organization based on the level of risk mitigation required. With respect to securing networks and systems people are often the weakest link. To address this challenge, students in this course will learn to develop policies and best practices for members of technology groups as well as for system users. Students will develop training documentation for management, technical, and user populations that exposes them to the policies and processes required to secure information technology and to align these with the business objectives of the organization.