Information Assurance / Information Risk Management

This course provides an in-depth study of information assurance and information risk management covering risk management business challenges; implementing risk mitigation; and, developing risk mitigation plans. Part 1 lays the foundation for understanding risk management terms and techniques including how to recognize cyber-security threats, security vulnerabilities and vulnerability exploits. Part 2 covers defining risk assessment approaches, performing risk assessments, identifying and analyzing security threats, vulnerabilities, and exploits as well as identifying administrative, technical and physical controls that mitigate both information and technology risk; and, most importantly, how to turn risk assessments into executable risk mitigation plans. Part 3 offers direction on creating and implementing several different risk mitigation plans – Business Impact Analysis, Business Continuity, Disaster Recovery, and Computer Incident Response. Spring semester