Course Descriptions
ITEC 6324
4011 certified

ITEC 6324: Information Systems Security - Risk Analysis and Management
This course examines the strategic enterprise security analysis and planning process. This process begins with an examination of the goals of an enterprise and how security adds value. It proceeds through vulnerability, threat, and risk analysis. Issues related to risk response and policy generation are also covered. These issues are examined within an enterprise's ethical and legal context.

Students are introduced to formal threat, vulnerability, and risk analysis methodologies. Formal methodologies enable an enterprise to demonstrate that its informational assets are secured in a prudent and cost-effective manner.

Students use the NSA's INFOSEC Assessment Methodology (IAM) to perform an INFOSEC assessment. Students also learn to analyze and construct appropriate security policies and procedures. Related subjects include security planning, security process models, business continuity planning, and disaster recovery planning.

Learning Objectives
At the end of the course, students will be able to:
- Formally define threat, vulnerability, and risk analysis
- Differentiate between quantitative and qualitative risk analysis (RA) methodologies
- Identify and prioritize informational assets, and conduct an Information Criticality Analysis
- Perform a Business Impact Analysis
- Conduct formal vulnerability, threat, and risk analyses
- Make more informed information systems security policy and procedural evaluations
- Based upon a strategic process, develop appropriate information security policies
- Design a security education, training and awareness program
- Research and report on the current information systems security regulatory and legal environment
- Distinguish legal issues in information systems security that can be analyzed by a computer security professional from those that require an attorney
- Conduct a security cost-benefit analysis
- Using the NSA's INFOSEC Assessment Methodology, conduct an INFOSEC assessment