Strategic Planning and Policy Development (SPPD-301)



Strategic Planning and Policy Development (SPPD-301)

This is a closed class. It requires a contract. On-site for 22 people.

Days: 5 Days Labs: Yes –Local Cyber Range

Type of Course: Advanced  Security / Managerial

Prerequisites: Introduction to Strategic Planning and Policy Development (SPPD-INT)

About this course: Maps to the NICE Oversight and Development specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.  Strategic Planning and Development focuses on applying knowledge of priorities to define an entity.

Goals: Analyzing organizational information security policy, applying knowledge of assessment data of identified threats to decision-making processes, overseeing development and implementation of high-level control architectures, and publishing a supply chain security and risk management policy.

Topics: Reviewing policies with stakeholders establishing cybersecurity strategy, link organizational mission objectives, communication channels and stakeholders. leadership and governance through policies, procedures, and guidelines. Writing, editing, and integrating information assurance policy, identifying organizational policy stakeholders, assessing policy needs and collaborating with stakeholders, developing policies to govern information technology activities, implementing policies and procedures, protecting critical infrastructure, maintaining strategic plans, designing cybersecurity strategy with vision, mission, and goals defining current and future business environments.

Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.

Students are expected to have basic experience in the areas of networking and DoD Cybersecurity as well as knowledge of related Cybersecurity policies and procedures.  Course support DISA responsibilities in DoD Cybersecurity Discipline Implementation Plan, DoD I 8551.01, the STIG’s and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.