This is an intermediate-level course covering information assets, risk identification, and management processes, highlighting best principles and practices. It provides training on information risk-related tools and technologies (such as asset evaluation, business impact analysis, risk identification, risk quantification, risk response, security policies and compliance) to give students a better understanding of potential threats and vulnerabilities in online business and to teach them to adopt levels of security measures and best practices.
The student will:
- Demonstrate an understanding of the practice of risk management and describe how risk management practices are applied to information systems
- Demonstrate familiarity with common risk management frameworks and how they may be applied to information systems risk management
- Demonstrate an understanding of common IT system components, their uses, and how they fit in the risk context process
- Demonstrate an understanding of the key assets usually found in an IT system and the procedures used to inventory those assets and identify risks and common hazards
- Demonstrate the ability to apply risk and hazard frameworks to common cyber threats, as well as mastery of the basic principles of information assurance
- Describe methods that can be used to identify the symptoms of risk; how project variables impact risk; how to assign value, criticality, and impact to key IT assets; and risk quantification, the quantitative and qualitative methods of risk quantification, hazard likelihood, asset vulnerability, risk impact, risk prioritization, and risk tolerance
- Demonstrate an understanding of the ISO/IEC code of practice and of risk control mechanisms, including methods for risk limitation, risk detection, risk recovery, and risk plan monitoring
- Demonstrate an understanding of how to use these risk control strategies and other cyber security controls within an organization, and of organizational security policies and compliance with industry standards such as FISMA, COBIT, and PCI; and communicate the basics of business continuity