IS 433: Information Security Management

Managing information assets and the security function. Emphasis on managing security-related risk, as well as the process of developing, implementing, and maintaining organizational policies, standards, procedures, and guidelines as they relate to security. Role of the CISO. Identifying and evaluating information assets, threats, and vulnerabilities. Quantitative and qualitative risk analysis, risk mitigation, residual risk, and risk resolution, as they relate to information security. Incident response. Consideration of the role and implementation of security controls during the process of analysis, design, and development. The application of policy development principles to security risk management. Introduction to compliance, as well as the CISSP domains.