Covers the fundamentals of developing business rationales for information security (assurance) governance. Studies the development and implementation of IT strategies to integrate assurance functions to improve security and ensure the preservation of the organization and its ability to continue to operate. Offers a comprehensive view of information security policies in a business context and the psychology of implementation. Provides insight into governance, privacy, regulatory mandates, business incentives, and legal issues.
Upon successful completion of the course, students will be able to: Identify the role of an information systems security (ISS) policy framework; Analyze how security policies help mitigate risks and support business; Identify components and basic requirements for creating a security policy framework; Identify different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of a security policy framework; Recognize ISS policies associated with the user domain, IT infrastructure, risk management and incident response teams (IRT); and Analyze social, legal and ethical issues represented by information technology environments.