Keywords
Confidentiality, Integrity, Availability, Passwords, Protecting Audit Data, Vulnerability management, Incident response, Application security, Cloud security, Infrastructure security
Course Description
This course prepares the graduate student to employ the theoretical and conceptual underpinnings to improve information security behavior and develop skills in a work-related context in private, public or government enterprises. The course is designed to assess decisions and policies to improve information security management. The academic engagement will cover the following topics: (i) policy development, (ii) risk analysis and management, (iii) security information dissemination, education and awareness training, (iv) legal compliance, and (v) ethical and legal conduct. Students will be prepared to reflectively respond to the human factors of information security management.
Prerequisites
- Network & Systems Administration
- Information security measures
- IT security architecture
- Network security architecture
Course Outline
An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach. Information security management describes the controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.
Learning Objectives
- Understand fundamentals of information security
- Understand management systems
- Gain familiarity with the ISO 27000 family of standards
- Understand requirements of ISO 27001:2013
- Understand plan-do-check-act (PDCA) as it relates to an ISMS
- Support cyber security staff
- Conduct annual staff awareness training
- Prioritize risk assessments
- Regularly review policies and procedures
- Assess and improve
- Describe threats to information security
- Identify methods, tools and techniques for combating these threats
- Identify types of attacks and problems that occur when systems are not properly protected
- Explain integral parts of overall good information security practices
- Identify and discuss issues related to access control
- Describe the need for and development of information security policies, and identify guidelines and models for writing policies
- Define risk management and explain why it is an important component of an information security strategy and practice
- Describe the types of contingency plan and the steps involved in developing each
- Identify security issues related to personnel decisions, and qualifications of security personnel
Target Audience
Working professionals with experience, entry-level working professionals, graduate students.