Opinto-opas

Osaamistavoitteet

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Sisältö

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work