 |
 |
 |
|
 |
 |
 |
|
|
|
|
|
|
|
Session Type: Afternoon Seminar
This workshop has four main sections. First we will present an overview of the policy development life cycle, allowing time for group discussion of how the stages relate to individual campuses. Writing a policy is only one step in the process: beforehand, you must identify stakeholders and solicit their support and place the policy in the context of institutional values; afterwards, the policy must be approved by the right groups, distributed, promoted, interpreted, enforced, and reviewed.
In the second section we will describe a security policy gap-analysis process based on industry-standard categories that shows how to prioritize policies based on risk and relates the process to the institutional security program. The third section will present an overview of model security policy collected by the EDUCAUSE Model Security Policy Subcommittee for its wiki. The fourth and final section will offer practical exercises in writing good policy, including a case study approach.
