Abstract

This subject provides students with a thorough background in IT security risk management issues. Comprehensive selections of risk management techniques for IT security are covered, including quantitative and qualitative methods. Other topics include security decision-making, risk mitigation, risk transference and business continuity planning.

Syllabus

1. Information security basics.
2. Fundamental security rules.
3. Security decision making.
4. Practising security.
5. Foundations of risk management.
6. Quantitative risk assessment.
7. Qualitative risk assessment.
8. Risk mitigation.
9. Risk transference.
10. Business continuity planning.

Learning outcomes

Upon successful completion of this subject, students should:
1. be able to justify the goals and various key terms used in risk management and assess IT risk in business terms;
2. be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach;
3. be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk;
4. be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers; and
5. be able to evaluate and explain the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Assumed knowledge

An understanding of information security concepts at the level of ITC595.

Enrolment restrictions

Only available to postgraduate students.