Information Risk and Security Management

Course description

This course prepares the scholars to employ the theoretical and conceptual underpinnings to improve information risk and security behavior to develop their skills in a work-related context in private, public or government enterprises. The course is designed to assess decisions and policies to improve information risk and security management. Scholars will be prepared to reflectively respond to the human factors of information risk and security management. The course will also cover security standards, evaluation and certification process; security planning. The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. Design detailed enterprise wide security plans and policies, and deploy appropriate safeguards at all the levels by providing due consideration to the life-cycle of the enterprise information systems and networks, as well as its legal and social environment.

Course outcomes

Upon the completion of this course, students will be able to:

• Understand the need for security risk-based management based on an understanding of opportunity costs, within the confines of regulation and client expectations
• Identify and develop awareness of risk sources involving people, processes, information, and technology
• Conceive enterprises through an understanding of the anatomy of attacks and the building of sustainable defense-in-depth to mitigate current and emerging attacks
• Review and develop an on-going and sustained approach to security risk-management throughout the enterprise
• Understand the need of security risk assessment approaches for their organization improvement

Course contents

Click the down arrow icon [ 🔽 ] to expand and collapse the course topics.

🔽 1 h 06 min | Information Security Risk Assessment Basics
  • Phase 1: Project definition
  • Phase 2: Project preparation
  • Phase 3: Data gathering
  • Phase 4: Risk analysis
  • Phase 6: Risk reporting and resolution
🔽 1 h 07 min | Security Risk Assessment Preparation
  • Introduce the team
  • Review business mission
  • Identify critical systems
  • Identifying threats
🔽 0 h 49 min | Introduction to Governance and Act on Risk
  • Information risk governance
  • Finding the right governance structure
  • Building internal partnerships
  • Legal
  • Privacy
  • Litigation
  • Intellectual property
  • Contracts
  • Financial compliance
  • Legal specialists within business groups
  • Human resources
  • Corporate security
🔽 0 h 46 min | Risk Evaluation and Mitigation Strategies
  • Risk evaluation
  • Risk mitigation planning
  • Policy exceptions and risk acceptance
🔽 0 h 44 min | Security Risk Assessment Reporting
  • Cautions in reporting
  • Pointers in reporting
  • Report structure
  • Assessment brief
  • Action plan
🔽 0 h 30 min | A Blueprint for Security
    • Risk in the development lifecycle
    • Analysis workflow
    • Goal of security architecture
    • Developing an architecture
    • Patterns and baselines


This course includes:

    5 h 01 min recorded video

    Downloadable resources (books and articles)

    One year access

    Access on mobile and TV

    Advanced Level

    Certificate of completion


1 year of access
This course does not have any sections.
Share this Course