Security Policies and Implementation Issues



In this course, you will learn about information security policies and frameworks from the raw organizational mechanics of building, to the psychology of implementation. This course presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear, simple terms such as governance, regulator mandates, business drivers, legal considerations, and much more.

In addition to premium instructional content from Jones & Bartlett Learning's comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to hands-on paper-based labs, case scenarios, handouts, and eBooks (via CourseSmart).


This course covers content within the following industry certification exams:

  • System Security Certified Practitioner (SSCP) - "Security Operations and Administration" domain
  • Certified Information Systems Security Professional (CISSP) - two content domains covered
  • Security + - "Compliance and Operational Security" domain
  • 8570.01 - "Compliance and Operational Security" domain


  • Anyone who wants to fully understand the process of implementing successful sets of security policies and frameworks
  • Security officers
  • Auditors

Learning Objectives

  • The role of an information systems security (ISS) policy framework in overcoming business challenges
  • How security policies help mitigate risks and support business processes in various domains in the information technology (IT) infrastructure
  • Components and basic requirements for creating a security policy framework.
  • Different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of security policy framework
  • ISS policies associated with the user domain
  • ISS policies associated with the IT infrastructure
  • ISS policies associated with risk management
  • ISS policies associated with incident response teams (IRT)
  • Implementing and enforcing ISS policies
  • Defining, tracking, monitoring, reporting, automating, and configuration of compliance systems and emerging technologies

1. The Need for IT Security Policy Frameworks

  • Information Systems Security Policy Management
  • Business Drivers for Information Security Policies
  • U.S. Compliance Laws and Information Security Policy Requirements
  • Business Challenges Within the Seven Domains of IT Responsibility
  • Information Security Policy Implementation Issues

2. Types of Policies and Appropriate Frameworks

  • IT Security Policy Frameworks
  • How to Design, Organize, Implement, and Maintain IT Security Policies
  • IT Security Policy Framework Approaches
  • User Domain Policies
  • IT Infrastructure Security Policies
  • Data Classification and Handling Policies and Risk Management Policies
  • Incident Response Team (IRT) Policies

3. Implementing and Maintaining an IT Security Policy Framework

  • IT Security Policy Implementations
  • IT Security Policy Enforcement
  • IT Policy Compliance Systems and Emerging Technologies