A policy defines what information is to be protected, why it is to be protected, and who (and under what circumstances) may have what form of access to that information. The policy lays out the business case for the information protection. It is the basis for all protection measures. Ultimately the protection implementation must be traceable to the policy and the policy must be traceable to the implementation. If such traceability fails usually something breaks and the information is either not adequately protected or the implemented system contains superfluous components. Policy is the basis for the consideration of composition.

The course will begin with a study of the background of early communications, the establishment of the awareness of information having value (hence the emergence of policy), possible policy dimensions (expectations), and the means (mechanisms) for actually implementing that policy. This initial part of the course will draw heavily on the “oral tradition” and on the rules that have evolved regarding written information, in particular with focus on the identification of information, information objects themselves as distinct from the “containers” of those information objects, and markings.

"Policy" Full Course Description

"Policy" courseware is expected to be available here soon...