OnSite

MGT519: Information Security Policy In-Depth

This course is the most in-depth coverage of information security policy ever developed. By the end of the course your head will be spinning. During this intensive two-day security-policy course, you will learn what security policy is (positive and negative tone); how to create consistent policies; how to balance the level of specificity to the problem at hand; the role of policy, awareness and training; and the SMART approach to security policy development and assessment.

  • Policy Establishes Bounds for Behavior
  • Policy Empowers Users to do the Right Thing
  • Should and Shall, Guidelines and Policy
  • ISMS as Governing Policy
  • Policy versus Procedure
  • Policy Needs Assessment Process
  • Organizational Assumptions, Beliefs and Values (ABVs)
  • Relationship of Mission Statement to Policy
  • Organizational Culture
  • Using the Principles of Psychology to Implement Policy
  • Applying the SMART Approach to Policy
  • How Policy Protects People, Organizations and Information
  • Case Study, the Process to Handle a New Risk (Sexting)
  • Policy Header Components and How to Use Them
  • Issue Specific Policies
  • Behavior Related Policies, Acceptable Use, Ethics
  • Warning Banners
  • Policy Development Process
  • Policy Review and Assessment Process
  • Wrap-up, the Six Golden Nuggets of Policy

  Testimonial

"I never realized there is so much to know about security policy."

"Any security manager, anyone assigned to review, write, assess or support security policy and procedure can benefit from this course."

 
  Laptop Required

Pencil and paper would suffice for the labs, but we recommend a laptop with a word processor. A CDROM is also highly recommended.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
  Who Should Attend

  • Managers with security program responsibilities
  • Security professionals with policy development and assessment duties
  • Anyone who serves on a policy steering committee

 

Author Statement

I have been told, "do this according to your security policy," or "you should have this in your security policy" so many times, but no one ever said how to create a policy. In 1997, an instructor in a class I was taking said that and I remember thinking, "alrighty then, I am going to figure this out." As a result, I started a research project with SANS and a colleague, John Ritter, to determine the steps to consistently develop good, and the right, policy and then get it approved. We do not claim to have all the answers, but this is the most comprehensive security policy training available. A lot of material can be found on the web if you are skilled at targeted Google searches, but I have been researching, improving, and adding to the material for a long time, and frankly time is money. In two course days, the diligent student will become an expert on information security policy.

- Stephen Northcutt