SEC-204: Security Policy and Processes
Course Syllabus
Course Description
Security transcends its conventional perception as a mere safeguard for sensitive information within a system. Rather, it embodies a multifaceted paradigm necessitating the establishment of comprehensive organizational frameworks. These frameworks, comprising defined policies and processes, are pivotal in ensuring the continual preservation of data integrity and confidentiality at the highest echelons of security standards. Thus, beyond its technical underpinnings, security emerges as a holistic imperative, binding the responsibilities of administering and utilizing systems with the imperative to fortify the organizational fabric against potential threats and vulnerabilities.
In this competency, we will explore the fundamental procedures for defining security policies and discuss the essential components they should encompass. Additionally, enforcing these policies requires organizational processes that blend both administrative and technical tasks to maintain adequate security levels. We will examine various security frameworks, such as ISO/IEC 27001 or the NIST Cybersecurity Framework (CSF). By the end of this competency, you should be proficient in analyzing security policies and implementing comprehensive security processes. The skills you acquire will prove invaluable when navigating the security landscape of real enterprises, where security is of paramount concern.
General Information
| Competency Code | SEC-204 |
|---|---|
| Competency Name | Security Policy and Processes |
| Competency Credits | 4 |
| Competency Duration | 6 Weeks (~9 Hours Per Week = 52 Hours in Total) |
| Instructor | Dr. Charnon Pattiyanon <charnon@cmkl.ac.th> |
Prerequisite
- SEN-201 - Software Engineering Processes
- SEC-201 - Data Privacy, Security, and Integrity
Assessing Skills
- [SEC-204:00010] Analyze security policies - Successful students will be able to read, understand, and analyze information security policies.
- [SEC-204:00020] Improve existing security policies or define a policy - Successful students will be able to critique existing information security policies or define their own information security policy.
- [SEC-204:00030] Implement security processes - Successful students will be able to understand, analyze, and implement security processes in accordance with some security frameworks.
Class Schedule and Topics
| Week | Lecture Topic | Lab/Practical Session Topic |
|---|---|---|
| Week 1 | Lecture 1: Introduction to Security Policy and Processes | Assessment Announcement |
| Week 2 | Lecture 2: How to Write a Security Policy (Part 1) | Lab 1: Read and understand a security policy |
| Week 3 | Lecture 3: How to Write a Security Policy (Part 2) | Lab 2: Write the first part of your own security policy |
| Week 4 | Lecture 4: Security Process (Part 1) | Lab 3: Write the final part of your own security policy |
| Week 5 | Lecture 5: Security Processes (Part 2) | |
| Week 6 | Lecture 6: Security Processes (Part 3) | Lab 4: Define the security processes for your software development project |
Assessment and Submission Guideline
This competency requires each student group to submit only one deliverable, which is:
- A Final Report: This is the final document summarizing the details of your assessment. Please refer to the report template provided below.