O.5 Risk Management of Information Systems

From CyberEdWiki

Risk Management of Information Systems is a critical topic area which forms the basis for applying information system security principles to an operational environment. Risk Management decisions are the embodiment of the organization's security culture and values as demonstrated through the willingness to commit resources to information system security capabilities.

Given the significant and growing danger of cyber security threats, it is imperative that all levels of an organization understand their responsibilities for achieving adequate information security and for managing information system-related security risks.

Specific topics to be covered in this knowledge unit include, but are not limited to:

  • Risk Models (e.g. NIST SP 800-39, Managing Information Security Risk)
  • Risk Processes (e.g. NIST SP 800-37, the Risk Management Framework)

Outcome: Students will be able to identify, measure (quantitative and qualitative), and mitigate key information technology risks.

Outcome: Students will also be able to describe each of the tasks associated with risk framing, assessment, response and monitoring.