Academic Catalog 2024-25

MSC 5703 Information Security Risk Management

This course focuses on the importance of information security risk management as a tool for meeting business needs, and on developing an information security management program that supports those needs while managing information risk to an acceptable level that meets the organization's business and compliance requirements. Special emphasis is placed on business alignment based on risk appetite and tolerance. Students in this course will learn the skills of risk identification, IT risk assessment, risk response and mitigation, and risk and control monitoring and reporting. Topics include: information security and risk frameworks and standards, data classification, information asset classification and ownership, the risk assessment process, third-party risk management, threat and vulnerability identification, supply chain risk, risk of noncompliance, gap analysis, security controls and measures, return on investment and cost justification, information risk reporting, the business skills needed to advise the C-suite and board of directors on cyber risks, the risk management lifecycle, and data capture and analysis for making data-based risk management decisions.

Credits

3.00 units