This course is intended to familiarize the student with information security management. When you have finished this course, you will know more about:
• Governance: the mission, roles and responsibilities of the InfoSec governance function, the strategic planning process, and InfoSec’s role in the organization’s strategic planning effort.
• Policy: the various types of InfoSec policies and how effective information security policy is created and used.
• Risk management and the risk management process.
• Certain laws and ethical issues that affect information security in the organization, and some common information security management practices such as benchmarking and performance measures.
Welcome to the Management of Information Security
This module provides a welcome to the course and describes the course modules that follow. The lecture and reading introduce the broad topic of security management and establish the basic terminology needed for later modules. You will also begin learning about the case company used in an extended simulation that spans the rest of this course, in which you build on your learning by engaging in real-world analysis and reporting on cybersecurity topics.
Governance and Strategic Planning in Information Security
In this module, you will explore how organizations organize the cybersecurity function and engage in strategic planning. This includes where the information security management team is placed in the organizational hierarchy, what functions the CSO of an organization fulfills, and an explanation of the strategic planning function. You will also develop a simulated organizational plan in a report to executive management as part of the ongoing case study.
This module defines risk management and explores the processes organizations use to identify and control risk. This includes the basic techniques used to identify and assess risk, as well as the risk control strategies that can be used to treat it. You will also read an industry-standard risk report, which you will summarize and analyze as you assess operational risk for higher management as part of the ongoing case-based project.
Regulatory Compliance, Law and Ethics
In this module you will learn how organizations must manage the complex issues that emerge from a rapidly changing legal and regulatory environment. It includes a short overview of the laws and regulations you should plan to learn about, as well as an introduction to how ethics is encountered in the workplace. You will then engage in a discussion of compliance with industry standards and governmental regulation as a means of moving toward a more secure work environment. As part of the ongoing case study you will be asked to advise management on an ethical dilemma currently facing some of the management team at CHI.
This module explores some of the other important elements commonly found in information security management programs. While it does not cover every security management topic, you will explore performance measurement, managing technical controls, and contingency planning. You will then assess and report on the proposed incident response plans of the simulated company as part of the ongoing case study.
In this module, you will synthesize the course content, take a final exam, and complete your Capstone Project.
Dr. Humayun Zafar, Dr. Traci Carte, Herbert J. Mattord, Ph.D., CISM, CISSP, CDP and Mr. Andy Green