1. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part II Sanjay Goel University at Albany, SUNY

2. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 2 Course Outline Unit 1: General Policy and Law Issues –Introduction to Policy, Nomenclature, and Definitions Unit 2: Information Security Policy –Definitions, Needs, and Responsibility Unit 3: Creation of Policies, Part I –Network, Wireless, Web, Email, Authentication & Access Control and File-sharing  Unit 4: Creation of Policies, Part II –Software Development, Disaster Recovery, Data, Audits, and Physical Security Unit 4: Enactment of Policies –Compliance, Enforcement, Refinement

3. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 3 Unit Outline Creation of Policies, Part II Module 1: Software Development Policies Module 2: Acceptable Use Policies Module 3: Disaster Recovery Policies Module 4: Data Policies Module 5: Audit Policies Module 6: Physical Security Policies Module 7: Case Module 8: Summary

4. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 4 Student should be able to: –Gain a background in risk management –Recognize information security risk terminology –Understand how and why to use various types of security assessment –Determine tangible and intangible assets and values –Understand vulnerabilities to assets –Understand threats to information systems –Determine relevant information system controls –Use both qualitative and quantitative risk analysis methodologies Learning Objectives Creation of Policies, Part II