Writing Security Policies and Standards

Focused View

Marc Menninger

1:37:23

0 View

01 - Introduction

01 - Writing the rules of security.mp4

00:49

02 - 1. Introduction to Security Policies

01 - What are policies, standards, procedures, and guidelines.mp4

03:52

02 - Common security policies and standards.mp4

02:43

03 - Mapping policies to governance frameworks.mp4

03:02

04 - The security policy lifecycle.mp4

03:28

05 - Creating a security policy architecture diagram.mp4

03:32

06 - Challenge Distinguish between security directives.mp4

01:54

07 - Solution Distinguish between security directives.mp4

02:13

03 - 2. Writing Comprehensive Security Policies and Standards

01 - Understanding security policy components.mp4

02:26

02 - Crafting clear and effective security policies.mp4

02:52

03 - Leveraging free templates in policy development.mp4

02:13

04 - Incorporating AI in policy writing.mp4

02:20

05 - Challenge Draft policy statements.mp4

01:12

06 - Solution Draft policy statements.mp4

02:01

04 - 3. Managing Policy Exceptions

01 - Understanding and evaluating security policy exceptions.mp4

03:37

02 - Managing security policy exceptions.mp4

03:53

03 - Challenge Identify valid policy exceptions.mp4

02:15

04 - Solution Identify valid policy exceptions.mp4

02:06

05 - 4. Exploring Key Security Policies

01 - Writing an Information Security Policy.mp4

03:20

02 - Writing a Data Protection Policy.mp4

03:05

03 - Writing an Access Control Policy.mp4

02:49

04 - Writing an Acceptable Use Policy.mp4

04:07

05 - Writing an Incident Response Policy.mp4

02:40

06 - Writing a Password Policy.mp4

03:05

07 - Writing a Remote Access Policy.mp4

02:33

08 - Writing a BYOD Policy.mp4

03:15

09 - Writing a Physical Security Policy.mp4

03:42

10 - Writing an Encryption Policy.mp4

02:22

11 - Challenge Map policy relationships.mp4

01:47

12 - Solution Map policy relationships.mp4

01:46

06 - 5. Ensuring Policy Compliance and Enforcement

01 - Monitoring compliance with security policies.mp4

04:07

02 - Responding to policy violations.mp4

02:39

03 - Challenge Handle a policy violation incident.mp4

01:55

04 - Solution Handle a policy violation incident.mp4

03:10

05 - Building a culture of compliance.mp4

03:53

07 - Conclusion

01 - Begin your security policy journey.mp4

00:40

Description

Master the skills to develop and manage security policies that protect your organization’s critical information and resources. In this comprehensive course, Marc Menninger covers every aspect of security policy creation, from foundational concepts—like policies, standards, procedures, and guidelines—to crafting clear, effective policies that align with governance frameworks like ISO 27001 and HIPAA. Explore the security policy lifecycle, learn to create security policy architecture diagrams, and discover how to leverage free templates and AI tools to streamline policy development. Learn to manage policy exceptions, write key policies such as Information Security, Data Protection, Acceptable Use, and Access Control, monitor compliance, and respond to violations. This course is essential for security professionals, IT personnel, and compliance officers looking to build a robust security framework that safeguards their organization’s data and systems.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Cyber Security

Marc Menninger

Instructor's Courses

Security leader with 20+ years of practical enterprise security experience including strategy, policies, governance, technology, risk management, and team development. I have a proven track record of success in strengthening the security posture of the organizations that I serve. KEY ACCOMPLISHMENTS • Planned, developed, and implemented company-wide information security program from scratch based on ISO 27001 security framework • Led successful completion of multiple third-party penetration tests and ISO 27001, HIPAA, and SOC 2 Type 2 audits • Wrote and implemented new information security policies, procedures, and standards in alignment with ISO 27001 • Instituted and chaired the Information Security Steering Committees (ISSC) consisting of company executives and directors • Directed the implementation of the company's first Security Information and Event Management (SIEM) system CERTIFICATIONS & ASSOCIATIONS • Certified Information Systems Security Professional (CISSP) since 2000 • Certified in Risk and Information System Controls (CRISC) • ISACA Board Member • Seattle SecureWorld Expo Advisory Council • Rotary International member since 2008 INDUSTRY EXPERIENCE • Federal, financial, and technology background • ISO 27001-aligned information security program development and management • Security project management • Governance, Risk and Compliance (GRC) • ISO 27001, PCI DSS, SOC 2, HIPAA, FedRAMP, and GLBA compliance gap analysis • Security policy and standards development • Vulnerability management • Network security audit and assessment • Security training and awareness

Linkedin Learning

View courses Linkedin Learning

LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.