In this course, you will learn about information security policies and frameworks from the raw organizational mechanics of building, to the psychology of implementation. This course presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear, simple terms such as governance, regulator mandates, business drivers, legal considerations, and much more.

In addition to premium instructional content from Jones & Bartlett Learning’s comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to hands-on paper-based labs, case scenarios, handouts, and eBooks (via CourseSmart).


This course covers content within the following industry certification exams:

  • System Security Certified Practitioner (SSCP) – “Security Operations and Administration” domain
  • Certified Information Systems Security Professional (CISSP) – two content domains covered
  • Security + – “Compliance and Operational Security” domain
  • 8570.01 – “Compliance and Operational Security” domain

Course Duration:

4 days

What You’ll Learn

  • The role of an information systems security (ISS) policy framework in overcoming business challenges
  • How security policies help mitigate risks and support business processes in various domains in the information technology (IT) infrastructure
  • Components and basic requirements for creating a security policy framework.
  • Different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of security policy framework
  • ISS policies associated with the user domain
  • ISS policies associated with the IT infrastructure
  • ISS policies associated with risk management
  • ISS policies associated with incident response teams (IRT)
  • Implementing and enforcing ISS policies
  • Defining, tracking, monitoring, reporting, automating, and configuration of compliance systems and emerging technologies

Who Needs to Attend

  • Anyone who wants to fully understand the process of implementing successful sets of security policies and frameworks
  • Security officers
  • Auditors


General knowledge of networking and management information systems

Course Outline

1. The Need for IT Security Policy Frameworks

  • Information Systems Security Policy Management
  • Business Drivers for Information Security Policies
  • U.S. Compliance Laws and Information Security Policy Requirements
  • Business Challenges Within the Seven Domains of IT Responsibility
  • Information Security Policy Implementation Issues

2. Types of Policies and Appropriate Frameworks

  • IT Security Policy Frameworks
  • How to Design, Organize, Implement, and Maintain IT Security Policies
  • IT Security Policy Framework Approaches
  • User Domain Policies
  • IT Infrastructure Security Policies
  • Data Classification and Handling Policies and Risk Management Policies
  • Incident Response Team (IRT) Policies

3. Implementing and Maintaining an IT Security Policy Framework

  • IT Security Policy Implementations
  • IT Security Policy Enforcement
  • IT Policy Compliance Systems and Emerging Technologies


Lab 1: Craft an Organization-Wide Security Management Policy for Acceptable Use

Lab 2: Develop an Organization-Wide Policy Framework Implementation Plan

Lab 3: Define an Information Systems Security Policy Framework for an IT Infrastructure

Lab 4: Craft a Layered Security Management Policy-Separation of Duties

Lab 5: Craft an Organization-Wide Security Awareness Policy

Lab 6: Define a Remote Access Policy to Support Remote Healthcare Clinics

Lab 7: Identify Necessary Policies for Business Continuity-BIA and Recovery Time Objectives

Lab 8: Craft a Security or Computer Incident Response Policy-CIRT Response Team

Lab 9: Assess and Audit an Existing IT Security Policy Framework Definition

Lab 10: Align an IT Security Policy Framework to the Seven Domains of a Typical IT Infrastructure