IT RISK MANAGEMENT AND AUDIT (4 Credits)

 Learning Outcomes:

On successful completion of this course, student will be able to: Describe the fundamental concept of IT Risk Management and Auditing, and know its various frameworks/techniques of them; Describe the characteristics of various techniques of IT Risk Management and Auditing and understand how each of them works; Apply relevant frameworks/ techniques of IT Risk Management and Auditing according to individual cases/problems and perform evaluation; Analyse the results obtained from frameworks/ techniques of IT Risk Management and Auditing from several perspectives and able to provide suggestions to improve the system performance; Propose business continuity plan and IT auditing that can mitigate the IT infrastructure disruptions.

Topics:

1. Introduction to IT Risk Management and Audit; An Overview of Information Security and Risk Management;
2. Planning for Organizational Readiness;
3. Incident Response: Planning; Incident Response: Organizing and Preparing the CSIRT and Incident Detection;
4. Incident Response Strategies, Recovery, Maintenance and Investigations;
5. Disaster Recovery and Business Continuity;
6. Introduction to IT Auditing;
7. IT Auditing Techniques;
8. Frameworks, Standards, and Regulations in IT Auditing;
9. Enrichment Activity: Business Impact Analysis – Asset Identification, Threat Identification, Control Identification, and Mitigation Planning;
10. Enrichment Activity: Risk Assessment – Assessing Asset and Threat, Determine Likelihood, Calculating Risk;
11. Enrichment Activity: Guest Lecture – Contingency Planning;
12. Enrichment Activity: Auditing IT –  Auditing Controls to Protect Information Assets;
13. Enrichment Activity: Presentation – Project Presentation;
14. Enrichment Activity: Guest Lecture – Business Continuity.