Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part I Sanjay Goel University at Albany, SUNY

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 2 Course Outline Unit 1: General Policy and Law Issues –Introduction to Policy, Nomenclature, and Definitions Unit 2: Information Security Policy –Definitions, Needs, and Responsibility  Unit 3: Creation of Policies, Part I –Network, Wireless, Web, , Authentication & Access Control and File-sharing Unit 4: Creation of Policies, Part II –Software Development, Disaster Recovery, Data, Audits, and Physical Security Unit 4: Enactment of Policies –Compliance, Enforcement, Refinement

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 3 Unit Outline Creation of Policies, Part I Module 1: Network Policies Module 2: Wireless Policies Module 3: Web Policies Module 4: Policies Module 5: File-sharing Policies Module 6: Authentication and Access Control Policies Module 7: Case Module 8: Summary

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 4 Student should be able to: –Gain a background in risk management –Recognize information security risk terminology –Understand how and why to use various types of security assessment –Determine tangible and intangible assets and values –Understand vulnerabilities to assets –Understand threats to information systems –Determine relevant information system controls –Use both qualitative and quantitative risk analysis methodologies Learning Objectives Creation of Policies, Part I

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 5 User policies Physical security Authentication and authorization Server policies Network policies Coding policies Legal compliance Security Policies Types of Policies