Discover the fundamental concepts and practices for developing and drafting organizational policy, including related documents to support implementation. Explore how to communicate policies to internal and external audiences (in both written and oral communications). Learn how to incorporate organizational priorities and mandates into managerial policies. Case studies are primarily based in security studies, but other professional fields are welcomed.

This course introduces common technological and organizational measures for cybersecurity, with a focus on protection concepts. Students assess the organizational impacts of security measures, and explore how best practices, standards, and organizational policy can help manage such measures. Topics include identity management, authentication, access control, data and system security and availability, encryption, integrity mechanisms, system maintenance, and continuity of operations. Note that we do not focus on how to technically implement these security systems.

We survey laws, regulations, and standards for cybersecurity in the United States, including "soft law" and self-regulation. Topics include the pros and cons of regulatory solutions and market solutions; the different approach to data protection regulation in the European Union; and cybersecurity concerns and regulatory authorities in various U.S. industries and sectors. Students become familiar with key standards bodies involved in cybersecurity, and explore organizational processes for remaining current with industry best practices.

This course establishes foundations for addressing cybersecurity as a risk management concept and process, and as a component of overall risk management within an organization. Students will become familiar with theories of risk and methods of risk management, as well as frameworks/models for applying these theories and methods to cybersecurity.