This course examines how to create a flexible security policy that can change with requirements and maintain its operational health with mechanisms to combat the human weaknesses of the security process
Delegates will take away working documents that they can apply to their organisation.

• These include
• An executive briefing on best practice security policy
• Their own design for a policy template
• Policies for more than 20 main areas of security that will work in their company
• An implementation plan for their company

Objectives:

To give the students knowledge of what is involved in writing security policies and examples customised for their own situations

Target Audience:

Anyone who has a security responsibility within his or her organization will benefit from this course. Anyone who has a security responsibility within his or her organization will gain from this course

Prerequisites:

A good understanding of Information Security issues

Course Synopsis:

7799 and IT Security
Defining a Security Policy
Corporate Information Security Policy
Specific policies including
  Information classification
  Access control
  Operations
  Incident management
  Physical security
  Human resources
  Third-party access
  Business continuity management
Standards
  Industry best practice
  Experience
  Business drivers
  Internal testing
Procedures
  Incident Reporting
  Incident Management
  User ID addition/removal
  Server backup
Document Structure
  Suggested headings for internal policies
Other Standards
Sources of Information
Authorisation, Implementation and Operation of Security Policies