A deep dive into security policy creation for a large business. Very informative if not a little dry at times.

You create security policies, guidelines, and standards for a fictional business. You learn many things from acceptable use to data center design and security. You also learn to write incident response procedures and assess business risk.

Professor Lutzen uses his experience writing policies for S&T to provide good examples in class. Although a lot of the material can be considered a little dry, he has a great way of keeping the class engaged with stories and insights into what we are learning.

Be prepared to write a lot while researching NIST documents. Grading isn’t super harsh but it is important to put significant effort into creating your policies. Any mistakes, however, have the opportunity to be corrected with little to no penalty