Security policy frameworks provide information security professionals with clearly written guidance to help communicate to business leaders, end users, and each other about security expectations and responsibilities. In this video, learn about security policies, standards, guidelines, and procedures.
- [Narrator] Security professionals do a lot of writing. We need clearly written guidance to help communicate to business leaders, and users, and each other about security expectations and responsibilities. In some cases we're setting forth mandatory rules that everyone in the organization must follow, while in other cases, we're simply giving advice. Each of these roles requires communicating a little bit differently. That's where the Security Policy Framework comes into play.
Most security professionals recognize a framework consisting of four different types of documents. Policies, standards, guidelines, and procedures. Security policies are the bedrock documents that provide the foundation for an organization's information security program. They are often developed over a long period of time, and very carefully written to describe an organization's security expectations. Compliance with policies is mandatory and policies are often approved at the very highest levels of an organization.
Because of the rigor involved in developing security…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Aligning security with the business
- Using control frameworks
- Understanding compliance ethics
- Implementing effective security policies
- Planning for business continuity
- Ensuring the security of employees
- Managing risk
- Identifying threats
- Managing vendors
- Building security awareness
- Conducting security training
Skill Level Advanced
1. Security Governance
2. Compliance and Ethics
3. Security Policy
4. Business Continuity
5. Personnel Security
6. Risk Management
7. Threat Modeling
8. Vendor Management
9. Awareness and Training