- Type Learning
- Level Foundational
- Time Hours
- Cost Paid
Information security policies
Issued by
Jisc
This information security policies course takes a broad view of risks to these aspects – accuracy, availability and confidentiality – of information security. We examine the origin of these risks in behaviours, processes, physical, technical and environmental factors; and consider how policies can be used to mitigate and manage the risks.
- Type Learning
- Level Foundational
- Time Hours
- Cost Paid
Skills
Earning Criteria
-
The course consists of two two-hour live online sessions. Being awarded this digital credential is dependent on the participant fulfilling all the Jisc training course criteria. In doing so this participant has shown they are able to:
-
Describe the different sources of risk to information security
-
Explain the different ways that risks can harm information security
-
Describe the impact of user perception on information security
-
Analyse, and give examples of, the different components of risk
-
Propose and assess different ways of treating risks
-
Use different approaches to identifying risks
-
Identify which risks are a priority for treatment
-
Understand the advantages and disadvantages of using standard security policy frameworks (e.g. ISO27001, UCISA toolkit)
-
Use risk assessment as a basis for organisational policies that reduce risks
-
Explain the need for policies to be part of an information security management system (ISMS)
-
Explain the plan/do/check/act model of an ISMS
-
Identify relevant feedback mechanisms to improve policies and the ISMS
-
Explain the usefulness of an information security forum
-
Analyse the criticality of a system and select appropriate risk mitigation
-
Participants will demonstrate they have met these outcomes by;
-
Having taken part in all activities
-
Fully engaged in interaction
-
Contributed to discussions
-
Completed all assignments