Information Security Policy and Management

Information Security policies are designed to help individuals within an organisation practice behaviours which reduce the risk of a breach to digital security.

On this course, you’ll explore the key terms and critical concepts of information security, enabling you to successfully navigate and even create company data security policies at work.

You’ll look at the reasons organisations create Information Security Policies, which may include detecting and forestalling the compromise of information security such as misuse of data, networks, computer systems, and applications

You’ll consider the five goals of security governance: * Strategic alignment * Risk management * Resource management * Performance measurement * Value delivery

You’ll also look at the Information Security Management System (ISMS), a systematic approach to managing sensitive company information so that it remains secure.

Study the key principles of access control, including control architecture models, password security issues, and biometrics (a way of identifying and authenticating individuals through the use of unique biological characteristics).

You’ll unpack contingency planning (CP), the process of positioning an organisation to prepare for, detect, react to, and recover from man-made or natural threats to information security assets.

Finally, you’ll explore incident response; the methodology an organisation uses to respond to and manage a cyber-attack.

You’ll look at the goals of an incident response strategy, the different stages and the various teams involved. You’ll conclude by considering how to develop an effective incident response planning policy.