Information Security and Management
Objectives and Requirements
The course provides an overview of the concepts and technologies, management and legal issues for the protection of data during processing, storage and transmission. It is important that information security requirements be understood at the organizational level; appropriate information security policy be derived; cost-effective information security solution be planned and deployed; and evidence to auditors be provided on how well an organization has performed when required.
After learning the course, the students should be able to:
1. describe threats in IT environment; and recognize the relationship of threat, vulnerability, countermeasure, and impact in organizational information security;
2. write basic information security policy for an organization and produce appropriate guidelines in implementing the policy;
3. recognize the information security management framework and the roles of Information Security Management Standards in this framework;
4 recognize the legal issues in information security.
Contents
Overview of Information Security: Risks and attacks, organizational requirements. Information Security Technologies: Access Control, Cryptographic techniques, Authentication and Public Key Infrastructures. Information Security Management: Policy, Risk Assessment, and Standards. Legal Issues: Computer Crimes and Forensics, Information Security Audits.
Credit(s): 3
Prerequisite Course(s): Operating Systems
