Learning Path

Corporate Security Policies

Learn to build and shape better policies and procedures for your organization.
13 hours, 44 minutes

What you will learn

Policies, procedures and other governance documents are an essential part of managing an organization and its employees, especially for cybersecurity programs. Learn the characteristics of good governance documents and how to review, update and implement them. Effective governance documents can help build efficiency, reduce error, improve security and reduce legal liability risks.

Syllabus

Corporate security policy foundations - a framework for better results

Course - 02:37:00

Every organization needs cybersecurity policies and other documents to help define and manage its cybersecurity program, protect it from cybercrime and comply with legal requirements. There is no need to dread working on policies and procedures! They are essential documents and can be rewarding projects for both the organization and individuals. In Course 1, we lay a framework for thinking about policies and other governance documents and how they fit into governance, management, protection and legal compliance.

Business needs for security policies: Mission, management, cybersecurity and humans

Course - 01:51:00

Business mission comes first, so when you are planning your cybersecurity documents and program, they must incorporate business needs. There may be competing interests among the participants. In this course, we ensure mission and business are integrated into your policies and procedures, process and project.

Incorporating legal requirements into security policies

Course - 02:15:00

Policies and other written documentation must comply with applicable laws and regulations. An organization’s policies cannot conflict with legal requirements and should assist the organization with compliance. In this course, we explore what those legal requirements are and how they are both foundational and specific for cybersecurity and privacy.

External guidance to assist with security policies

Course - 01:45:00

Security professionals need to be careful about what guidance we select and how we adapt it to our company’s unique needs. We will review many sources for such guidance, including from government, cybersecurity frameworks, publicly available templates or policies, resources and tools.

Planning the security document project

Course - 01:23:00

Ideally, careful planning goes into your security policies and other documents, and this is conducted as a project with budgeted resources and time. Of course, sometimes circumstances dictate a different approach, so we address that too. We walk through the pre-project process, evaluating where you are, where you need to be, who should be involved and how to gain project approval.

The security document project and managing and executing it

Course - 03:13:00

Now our security policy project is in progress as we work to create (or update) our documents. We cover the steps, knowledge and skills to create effective information security policies and other governance documents to maximize team value and overcome obstacles. Stages include project kickoff, initial steps and review, drafts and revisions, gaining approval for the documents and distributing them, and training and ensuring compliance.

Using and maintaining your new policies

Course - 00:39:00

You created documents that are important for protection and compliance. They cannot be “shelfware”! This short course explores how to keep the documents current and relevant and how to use our learned skills in other areas, and it concludes the learning path.

Meet the author

John Bandler is a lawyer, consultant, speaker, teacher, and author in the areas of cybersecurity, cybercrime, privacy, investigations, and more. He is the founder of Bandler Law Firm PLLC and Bandler Group LLC, legal and consulting practices that help organizations and individuals with cybersecurity, the prevention and investigation of cybercrime, privacy, legal compliance, and more.

John has expertise in many subjects, holds a number of certifications, and is a prolific writer and speaker. He is the author of Cybersecurity for the Home and Office, a comprehensive guide to understanding and improving information security. His second book is Cybercrime Investigations, an extensive resource regarding the law, technology, process, and skills for the investigation of cybercrime. John has authored many articles on a range of topics, teaches students at the undergraduate, graduate, and law level, and provides training for professionals.

Before entering private practice, John served in government for more than twenty years as a prosecutor, police officer, and military officer. John was hired as an assistant district attorney at the New York County District Attorney’s Office by the legendary Robert M. Morgenthau, where he investigated and prosecuted the full range of offenses including traditional crime, cybercrime, the global trafficking of stolen data, and virtual currency money laundering. Before that, he served for eight years as a state trooper in the New York State Police, assigned to a busy patrol station providing full services to the local community. He also served in the Army Reserves.

The details

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.
