ISET-4101: Risk and Security Management

Description
This course gives students guidance on planning and implementing a risk assessment and protecting business information. The course introduces students to the international code of practice for an information security management system (ISMS) ISO27002. This course also provides students with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001. Students will learn how to measure risk and how to ensure that proper levels of security are maintained for individual technology users, businesses, government, and other organizations. This course will cover different approaches for risk assessment and risk mitigation. Students will learn how to use a risk analysis matrix for performing both quantitative and qualitative risk analysis. Course covers key topics, such as Threat Vulnerability Analysis, risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities. Risk Management Strategies (Avoidance, Transference, Mitigation, Acceptance), Counter-Measures, and Cost Benefit Analysis of Info Security investments. Lecture: 2 hrs/week; tutorial: 2 hrs/week (optional); Lab: 1hrs/week.