Information Security: IT Policy Makers Bundle

Human Logic
Updated Nov 27, 2019

Course Overview

Information security policy makers are the ones who create a set of policies in an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority.

Every organization needs to protect its data and also control how it is distributed both inside and outside the organizational boundaries. This may mean that information has to be encrypted, authorized through a third party or institution, and restricted in its distribution with reference to a classification system laid out in the information security policy.

Target Audience

Information Security

Learning Objectives

  • Define roles and responsibilities for granting and denying access and privileges
  • Authorize access & privilege requirements
  • Monitor access and usage of business information and applications
  • Define access review and revocation criteria/period, and ensure no unauthorized access is provided
  • Applications that support service delivery, technology/Infrastructure (Server/Devices/Equipment) assets that run/host the application
  • Data/Information (physical & digital) being consumed, used, processed, stored, shared, delivered, and/or deleted
  • Persons/human-resources involved in the delivery of service and ownership of Information assets (softcopy & hardcopy)
  • Ensure acceptable use of assets by end users
  • Ensure that information assets are classified and labeled
  • Identify and enforce data retention requirements for digital & physical information, control/limit removable media access, and take appropriate measures to secure data/information
  • Establish an Information Security (IS) Awareness and Training policy
  • Establish roles and responsibilities of providers and recipients of IS awareness and training activities
  • Identify information security compliance policies and demands
  • Understand the importance of Non-Disclosure Agreements for an organization
  • Understand roles and responsibilities of mid-management in establishing and meeting the information security objectives
  • Review reported incidents and take suitable corrective & preventive measures. Encourage staff members to report incidents
  • Create awareness among staff members based on lessons learnt from incidents and advise them on good and ethical security practices
  • Ensure implementation of Physical and Environmental Security policy and associated controls
  • Reducing the Financial Damages
  • Avoiding the Damage
  • Protect the information against external or internal threats
  • Classify the information according to its criticality to protect it against unauthorized modifications or disclosure
  • Restrict users from using unauthorised devices on organization computers/laptops.