Designing and Implementing Security Policies

Pluralsight is not an official partner or accredited training center of EC-Council. In this course you'll develop an understanding of proper functions and how to design your own security policies within business and regulatory requirements.
Course info
Rating: (11)
Level: Beginner
Updated: Apr 19, 2017
Duration: 2h 6m
Description

Without IT security policies, organizations have no framework that defines the proper and safe use of IT systems and data. In this course, Designing and Implementing Security Policies, you'll be exposed to security standards bodies, and how to create security policies based on recommendations from these standards bodies. First, you'll learn examples of implementing security settings based on security policy documentation. Next, you'll learn how to determine the finer details of security policies, including the use of specific security controls and the consequences of policy non-compliance. Finally, you'll gain insight on how technical controls can be interpreted and then implemented for policy compliance. By the end of this course, you'll have an understanding of how policy documents are laid out, and how to design and implement security policies within business and regulatory requirements.

About the author

Daniel Lachance, CompTIA Security+™, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams.

Section Introduction Transcripts

Course Overview
Hi there, my name is Dan Lachance and welcome to my course, Designing and Implementing Security Policies. Protection of personal and digital assets consists of a variety of security controls, even including user behavior, and all of this is driven by organizational security policies and these policies in turn are documents that are laid out in a specific format. The documents are influenced by factors like best security practices, past lessons learned, and regulatory compliance. There needs to be an awareness of how laws, regulations, and security standards apply to organizational security policies. Enterprises can centrally enforce compliance on managed devices and then monitor any deviations over time from the policies. The policies themselves would need to be revisited periodically to ensure that they remain effective. So some of the major things that we will cover in this course include identifying security standards bodies, designing security policies, and then from those designs implementing security policies. By the end of this course you will understand how security policy documents are laid out and how to determine what the documents' finer details will include, such as the use of specific security controls and consequences of policy noncompliance. You'll also gain insight as to how technical controls can be interpreted and then implemented for policy compliance. So I hope that you will join me to learn about the creation and implementation of security policies within the Designing and Implementing Security Policies course here at Pluralsight.

Designing Security Policies
Hi, I'm Dan Lachance and in this module we're going to focus on designing security policies. If you think about it, the purpose of a security policy really is to protect assets and people within an organization. Assets could also include things like data, of course, that results from the use of technology. So therefore, in this module our focus is going to be on how to align organizational security policies with business objectives. We'll start by talking about policy design guidelines. What is it that we need to take into consideration before actually creating our policies? And of course, this changes periodically, for example, regulations within an industry do change. So we might have to revisit our policy design guidelines and make changes. We'll talk about general security policy types, but then we'll start focusing on certain types of categories of policies like network security policies, where this could include things like a VPN accessible use policy or just a general network access policy. We'll talk about data security policies to protect data within the organization, for instance, to prevent it from being leaked out of the organization through social media. We'll talk about device security policies, notably this really deals primarily with dealing with smartphones where their use is really ubiquitous, but at the same time we have to be careful that they don't get lost or compromised. Then we'll talk about what we need to think about when we want to actually implement policies that we've created. So we'll talk about a policy implementation checklist.

Implementing Security Policies
Welcome back. I'm Dan Lachance and in this module we're going to focus on the actual implementation of IT security policies. So we'll start by having a discussion about the importance of user training and awareness. Now this means that we're going to talk about various stakeholders, such as end users, IT administrators, executives and so on, and the importance of them being aware of security policies related to the technology that they use and how they use it. Then we'll start talking about actual technical implementation details, beginning with securing mobile devices. We'll talk about encryption of data at rest, whether that applies on-premises or in the cloud in accordance with our organizational security policies. And then we'll get into the enablement of network security in its various facets, including encryption and the generation of certificates.