• Classroom
  • Online, Instructor-Led
Course Description

This course provides an in-depth look at risk factor analysis that must be performed in order to design a flexible and comprehensive security plan. Topics include assessing threats, developing countermeasures, protecting information and security designs processes. Auditing practices used to verify compliance with policies and procedures, as well as for building a case for presentation in private and public settings, are also covered.

Learning Objectives

  1. Given an organization which needs a general security policy, understand what is needed to get a policy implemented and how to gain acceptance for the policy.
  2. Given an organization which needs a general security policy, understand what is needed to create an effective policy.
  3. Given an organization that needs security, be able to appropriately classify the assets that need protecting.
  4. Be able to address personnel security issues in a given organization.
  5. Be able to implement physical and environmental security policies and procedures.
  6. Implement operations security and explain how it impacts information security.
  7. Given an organization requiring security polices, define access control policies for that organization.
  8. Be able to integrate systems development issues into the security plan.
  9. Given a financial institution, be able to address the regulatory requirements for its information security.
  10. Given a health care organization, be able to address the regulatory requirements for its information security.
  11. Given an organization with a critical infrastructure, be able to address the regulatory requirements for its information security.
  12. Given a small business, be able to completely set up security policies for that business.

Framework Connections

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.