Reflection

Course Name:

ISOL 533 – Information Security & Risk Management

Course Description:

The course includes a discussion on security policies that can be used to help protect and maintain a network, such as password policy, e-mail policy, and Internet policy. The issues include organizational behavior and crisis management.

Course Objectives/Learner Outcomes:

Upon completion of this course, the student will:

1. Explain the basic concepts of and need for risk management.

2. Explain methods of mitigating risk by managing threats, vulnerabilities, and exploits.

3. Identify compliance laws, standards, best practices, and policies of risk management.

4. Describe the components of an effective organizational risk management program.

5. Describe techniques for identifying and analyzing relevant threats, vulnerabilities, and exploits.

6. Describe the process of performing risk assessments.

7. Identify assets and activities to protect within an organization.

8. Identify threats, vulnerabilities, and exploits.

9. Identify risk mitigation security controls.

10. Describe concepts for planning risk mitigation throughout an organization.

11. Describe concepts for implementing a risk mitigation plan.

12. Perform a business impact analysis.

13. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.

14. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.

15. Create a computer incident response team (CIRT) plan for an organization.

Prerequisites:

There are no prerequisites for this course.

Books and Resources:

Required Text

· Gibson, Darril. Managing Risk in Information Systems, 2nd edition. Burlington, MA: Jones & Bartlett, 2015.

· Jones & Bartlett Learning Student Lab Manual, supplied along with the courseware.

Recommended Materials/Resources

· Judy Bell. Disaster Survival Planning: A Practical Guide for Businesses

· Thomas S. Coleman. A Practical Guide to Risk Management

· Kenneth L. Fulmer and Philip Jan Rothstein. Business Continuity Planning: A Step-by-Step Guide with Planning Forms on CD-ROM

· Ole Hanseth, et al. Risk, Complexity, and ICT

· Susan Snedaker. Business Continuity and Disaster Recovery Planning for IT Professionals

Other References

· COBIT This URL contains information regarding COBIT from ISACA. http://www.isaca.org/cobit/pages/default.aspx

· CIPA This Web site contains information on the Children’s Internet Protection Act from the Federal Communications Commission. http://www.fcc.gov/cgb/consumerfacts/cipa.html

· FERPA This URL provides information regarding the Family Educational Rights and Privacy Act from the U.S. Department of Education. http://ed.gov/policy/gen/reg/ferpa/index.html

· FISMA This URL contains the final version of the Federal Information Security Management Act. http://csrc.nist.gov/drivers/documents/FISMA-final.pdf

· GLBA This URL provides information regarding the Gramm-Leach-Bliley Act from the Federal Trade Commission. http://www.ftc.gov/privacy/privacyinitiatives/glbact.html

· Guide for Conducting Risk Assessments This URL contains NIST recommendations for conducting risk assessments for enterprise-wide risk management. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

· Health Information Privacy This URL provides information regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, from the U.S. Department of Health and Human Services. http://www.hhs.gov/ocr/privacy/

· ITIL This Web site is the official site for the Information Technology Infrastructure Library from AXELOS, which contains information on ITIL and provides a cohesive set of best practices drawn from the public and private sectors internationally. http://www.itil-officialsite.com/home/home.asp

· PCI This Web site is an official site of the PCI Security Standards Council, which provides details on payment card industry security standards. https://www.pcisecuritystandards.org/index.shtml

· Risk Management Framework Overview This Web page provides an overview of the NIST Risk Management Framework (RMF), with links to related resources. http://csrc.nist.gov/groups/SMA/fisma/framework.html

· Risk Management Association This Web site contains information on the RMA, which is a non-profit organization focusing on all aspects of risk management throughout the enterprise. http://www.rmahq.org/about-rma

· SOX This Web site provides detailed information on the Sarbanes-Oxley Act of 2002. http://www.soxlaw.com/

· TechRepublic This Web site contains articles, videos, pictures, white papers, webcasts, and other downloadable materials on risk management. http://techrepublic.com/