This course will provide an understanding of the concept of policy in information security. Attendees will explore the types of policy that are part of an overall security strategy, from the policy that determine rules and best practices to those which drive computer security, including discretionary access control, mandatory access control, and role-based access control types of policies, and how these are used in organizations. Through this course, attendees will understand the basic elements of policy construction.
This course will communicate operational policy applications from multiple perspectives:
- The human factor: behavioral issues and awareness in the workplace
- User interfaces: bringing security features for the general workforce
- Software construction: the right tools for the right tasks
- Business workflows, trade-oﬀs with usability, system configuration, and the detection of insider threats