IT SECURITY & RISK MANAGEMENT (3 SCU)

Learning Outcomes :

Upon successful completion of this course, students are expected to be able to explain the fundamental concept of information security and information security risk management, describe the information security risk assessment process, analyze issues related to information security risk; analyse the design, implementation and monitoring of information security risk management.

Topics :

This course is designed to provide comprehension of IT security and risk management concept and frameworks that provide support for managing IT risk with security as the focus. The course will introduce some standards and frameworks such as COBIT, Risk IT, ISO 31000, and ISO 27001. In addition, this course is also intended to provide the students fundamental and comprehensive concept on IT security. Topics covered information security management system, IT risk portfolio, risk assessment, data gathering, and risk analysis.