Corporate security policy foundations - a framework for better results Course

An introduction to corporate security policies: what they are, why they exist and how you use them.

2 hours, 37 minutes

Course description

Every organization needs cybersecurity policies and other documents to help define and manage their cybersecurity program, protect them from cybercrime and comply with legal requirements. There is no need to dread working on policies and procedures! They are essential documents and can be rewarding projects for both organization and individuals. In Course 1, we lay a framework for thinking about policies and other governance documents and how they fit into governance, management, protection and legal compliance.


Corporate Security Policies Course 1 Handout

File - 00:10:00

A course handout that includes a general checklist, references, and links.

Video - 00:06:00

JB wraps it up!
Policy knowledge and skills introduced

Video - 00:07:00

We quickly outline important knowledge and skills for creating and updating good policies and remind you that you can improve any and all of these skills.
The people who write, read and approve security policies

Video - 00:16:00

We introduce this thing called humans and consider what they are and do regarding our cybersecurity governance documents.
Effective governance documents look like this

Video - 00:16:00

We talk about what effective policies, standards and procedures should look like.
Building internal rules conceptually

Video - 00:16:00

Now let's think about an analogy to build and update our security policies. We see more why the "rules platform" concept is really helpful.
Planning our policies and internal rules conceptually

Video - 00:10:00

We discuss conceptual components that go into planning our security policies, our organization's internal rules. These include law, frameworks, business needs and action.
Three platforms plus a fourth to build our policies

Video - 00:10:00

John discusses Bandler's Three Platforms to Connect for compliance, plus the fourth platform of business mission and needs.
Rethinking the rules pyramid as a platform

Video - 00:13:00

John discusses his opinion that the rules platform is a more helpful analogy than the "rules pyramid" concept.
Internal rules introduced: Organization policies, procedures and more

Video - 00:12:00

Organizations create rules for themselves and their employees. Let's talk about that.
Rules introduced: Let’s talk about what they are in general

Video - 00:14:00

Security policies are rules. Let's explore the types of rules we encounter in life and cybersecurity.
What are security policies and why do we need them?

Video - 00:13:00

John introduces security policies and other governance documents and discussed why they are so important.
Introduction to Corporate Security Policies

Video - 00:11:00

Welcome to Corporate Security Policies! An introduction to the path and your instructor.
Course 1 assessment

Assessment - 8 questions

Meet the author

John Bandler

John Bandler is a lawyer, consultant, speaker, teacher, and author in the areas of cybersecurity, cybercrime, privacy, investigations, and more. He is the founder of Bandler Law Firm PLLC and Bandler Group LLC, legal and consulting practices that help organizations and individuals with cybersecurity, the prevention and investigation of cybercrime, privacy, legal compliance, and more.

John has expertise in many subjects, holds a number of certifications, and is a prolific writer and speaker. He is the author of Cybersecurity for the Home and Office, a comprehensive guide to understanding and improving information security. His second book is Cybercrime Investigations, an extensive resource regarding the law, technology, process, and skills for the investigation of cybercrime. John has authored many articles on a range of topics, teaches students at the undergraduate, graduate, and law level, and provides training for professionals.

Before entering private practice, John served in government for more than twenty years as a prosecutor, police officer, and military officer. John was hired as an assistant district attorney at the New York County District Attorney’s Office by the legendary Robert M. Morgenthau, where he investigated and prosecuted the full range of offenses including traditional crime, cybercrime, the global trafficking of stolen data, and virtual currency money laundering. Before that, he served for eight years as a state trooper in the New York State Police, assigned to a busy patrol station providing full services to the local community. He also served in the Army Reserves.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Exploitation Analyst
  • Target Developer
  • Cyber Intel Planner

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust