Creation of Policies, Part II Sanjay Goel University at Albany, SUNY

1. Creation of Policies, Part II Sanjay Goel University at Albany, SUNY

2. Course Outline Unit 1: General Policy and Law Issues • Introduction to Policy, Nomenclature, and Definitions Unit 2: Information Security Policy • Definitions, Needs, and Responsibility Unit 3: Creation of Policies, Part I • Network, Wireless, Web, Email, Authentication & Access Control and File-sharing • Unit 4: Creation of Policies, Part II • Software Development, Disaster Recovery, Data, Audits, and Physical Security Unit 4: Enactment of Policies • Compliance, Enforcement, Refinement

3. Unit OutlineCreation of Policies, Part II Module 1: Software Development Policies Module 2: Acceptable Use Policies Module 3: Disaster Recovery Policies Module 4: Data Policies Module 5: Audit Policies Module 6: Physical Security Policies Module 7: Case Module 8: Summary

4. Learning ObjectivesCreation of Policies, Part II Student should be able to: • Gain a background in risk management • Recognize information security risk terminology • Understand how and why to use various types of security assessment • Determine tangible and intangible assets and values • Understand vulnerabilities to assets • Understand threats to information systems • Determine relevant information system controls • Use both qualitative and quantitative risk analysis methodologies