...
Developing and maintaining policies and procedures
The risk an organisation will commit itself to is highly dependend on the security policy it wants to implement. If no access from outside is offered, only internal weak point have tob e considered.
The other way round, a very open organisation provides numerous attack points to external intruders.
The training should provide an overview about different kinds of IT security policies, the risks associated with those, and the security tools available to cope with those environments. Furthermore there should be hints how to maintain the installed procedures. Since it is also required to have the defined security level up and running all the time, hints should be given also how IT security awareness of staff members and users can be periodicly refreshed.
Applying policies and procedures
...
Every organisation has setup its own IT security policies and procedures. All systems installed in this organisation have to apply to those policies. Therefore it is the task of any system administrator to implement these policies in a way that they are compliant to the intended security level.
...