Syllabus - ISEC350

ISEC350 - Security Risk Management

Description:
Proper assessment, management, and mitigation of risk are essential to any information security strategy. Risks relate not just to IT assets but to the overall business that the IT organization supports; thus, business continuity planning and impact analysis are also important. In this course, you will learn how to identify and analyze risks, determine compliance laws, perform risk assessment and mitigation, conduct a business impact analysis, and plan for business continuity and disaster recovery.

Outcomes:

  • Identify and define risk and risk management techniques
  • Summarize compliance laws relevant to IT within a given industry
  • Develop a risk management plan
  • Perform a risk assessment
  • Identify and evaluate threats, vulnerabilities, countermeasures, and mitigation recommendations
  • Identify administrative, technical, and physical controls to reduce risk
  • Perform a business impact analysis
  • Create a business continuity and disaster recovery plan

Required Text(s):

Gibson, D. (2015). Managing Risk in Information Systems (2nd ed.). Sudbury, MA: Jones & Bartlett Learning. ISBN: 9781284055955 (print)