Security policy frameworks provide information security professionals with clearly written guidance to help communicate to business leaders, end users, and each other about security expectations and responsibilities. In this video, learn about security policies, standards, guidelines, and procedures.
- [Instructor] Security professionals do a lot of writing. We need clearly written guidance to help communicate to business leaders, end users, and each other about security expectations and responsibilities. In some cases, we're setting forth mandatory rules that everyone in the organization must follow, while, in other cases, we're simply giving advice. Each of these roles requires communicating a little bit differently. That's where the security policy framework comes into play.
Most security professionals recognize a framework consisting of four different types of documents: policies, standards, guidelines, and procedures. Security policies are the bedrock documents that provide the foundation for an organization's information security program. They are often developed over a long period of time and very carefully written to describe an organization's security expectations. Compliance with policies is mandatory, and policies are often approved at the very highest levels of an organization.
Because of the rigor involved…
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- The security triad: confidentiality, integrity, and availability
- Security principles
- Resource security
- Data security
- Security controls
- Assessing security controls
- Security policy
- Physical security
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover software licensing. In addition, the following topics were updated: integrity, leveraging industry standards, data encryption, security control selection and implementation, audits and assessments, security policy framework, security policy training and procedures, and ethics.
1. The Security Triad
2. Security Principles
3. Resource Security
4. Data Security
5. Data Security Controls
6. Security Controls
Control frameworks (3m 55s)
7. Assessing Security Controls
8. Security Policy
9. Awareness and Training
10. Physical Security