From the course: Writing Security Policies and Standards
The security policy lifecycle
Like a well-crafted story, security policies have a beginning, middle, and end. This video will guide you through the stages of the security policy lifecycle, from identifying the initial need to retiring the policy.
The first stage is identify and assess. Policies often start with the need to protect data driven by regulatory requirements, risk assessments, or identified vulnerabilities. For example, if your organization wants to comply with ISO 27001, identifying the required policies is crucial. A thorough enterprise risk assessment can help spot necessary policies, such as a backup policy, if inconsistencies in data backups are discovered.
Next is the develop stage. In this stage, you draft the policy document, stating its purpose and defining clear, actionable statements. Later in this course, I'll guide you through how to do that. You'll share this draft with stakeholders for feedback, ensuring the policy meets security requirements and supports organizational goals. Based on…
Contents
- What are policies, standards, procedures, and guidelines? (3m 52s)
- Common security policies and standards (2m 43s)
- Mapping policies to governance frameworks (3m 2s)
- The security policy lifecycle (3m 28s)
- Creating a security policy architecture diagram (3m 32s)
- Challenge: Distinguish between security directives (1m 54s)
- Solution: Distinguish between security directives (2m 13s)