Effective cyber security managers must understand how to develop security policies that will be supported by executive management and adopted by all employees. This course covers the cybersecurity policy lifecycle to include development, publishing, adoption, and review.

In the IT Security Policy and Assessment course we will examine the detailed steps that are required in developing cyber security policies and risk assessments.  We will explore related topics including cyber security policy drivers, governance, risk management, and best practices.  We will examine modern cyber security regulations and frameworks and the different types of policy such as standards, guidance, plans, and procedures and how each are used in an organization’s security strategy.  

Students are required to attend weekly virtual classes, submit discussion posts, complete reading assignments, homework, and exams.

Professor Angela Orebaugh angelaorebaugh@virginia.edu