Information Security ManagementLaajuus (5 cr)

Objective

Information securityis a strategic, tactical and operational objective of almost any enterprise or organization. Information Security risks are related both to the use of IT-technology in business operations and to non-technical things, e.g. to the behavior of the organization’s personnel and business processes.After completing this course the studentis able to assessandplan for developments in organization's information security management practicesis able to classify various information security threats by using appropriate methodsis able to discuss the current state of organization's information security and its development with justified argumentation based on quality process (PDCA cycle)is able to perform an audit on information security management and write a report on it

Content

Contents:Information Security Management System (ISMS) and PDCA cycleAuditing and certification prosessesStandards and best practices for information security management systems including ISO/IEC 27001:2013, COBIT and ITIL