Information Security Management
Course Overview
Information security is an increasingly important, but often misunderstood, reality for organisations. The purpose of this module is to raise awareness of the importance of information security, teach the skills necessary to develop and manage an information security framework, and show how to assess threats and vulnerabilities and protect the organisation from them. The information in this module is based on the ISO/IEC 27001:2005 and 17799:2005 set of standards. As such, it will also cover ISO/IEC terminology, compliance, and guidelines for benchmarking security practices.
Key Content
- What is information security management?
- Why is information security so important?
- Recognising threats to information security.
- How to recognise, control, and protect against potential vulnerabilities.
- ISO/IEC 27001:2005 and 17799:2005 standards:
  - Terminology.
  - Key content.
  - Compliance conditions.
  - How to benchmark information security to these standards.
- Devising an information security framework.
- Quantifying and assessing risk.
Learning Outcomes
At the completion of this package, learners should be able to:
- Explain the importance of information security and information security management.
- Identify potential threats to information security.
- Identify vulnerabilities in an information security framework, and implement security measures in response.
- Describe the ISO/IEC 27001:2005 and 17799:2005 standards.
- Comply with the standards and be able to benchmark information security protocols against these standards.
- Develop an information security framework that is appropriate for the organisation and its specific needs, threats, and operating environment.
- Quantify and assess risks the information security framework may encounter.