Information Security and Risk Management
Course code
old course code
Course title in Estonian
Infoturbe- ja riskihaldus
Course title in English
Information Security and Risk Management
ECTS credits
Assessment form
lecturer of 2021/2022 Spring semester
lecturer not assigned
lecturer of 2022/2023 Autumn semester
lecturer not assigned
Course aims
Provide an overview of cyber, information security and risk management methodologies. Create prerequisites for developing knowledge and skills for assessing cyber risks, building, monitoring and improving information security management system (ITHS), as well as for evaluating organizational needs, goals, security requirements, business processes and size and structure of ITHS design and implementation. Also form the ability to assess the volume and scope of the ITHS implementation, taking into account the needs and capabilities of the organization.
Additional topics include monitoring activities, administration of IT service contracts (SLAs), risk communication, explaining the need for training and documentation and more general monitoring of the risk environment, and introducing the basic principles of risk-based auditing.
Brief description of the course
Introduction to information security (scope, terms, concepts and definitions of information security). General risk analysis. Mapping of information security risks, identification of threats, risk analysis, identification of possible risk handling methods. Information security management measures, information security policies and standards. Nature of reference security, ISKE and its implementation. Choice of security measures and creation of ITHS. Incident management, communication, reporting and sustainability. Compliance with security regulations. Monitoring and auditing of information security. ISKE audit.
Learning outcomes in the course
Upon completing the course the student:
- knows the basic concepts of information security and risk management, relevant frameworks, standards and methods;
- can map enterprise information assets, define security threats and perform risk analysis;
- is able to develop information security policy, plan security measures and draw up a sustainability plan.
Hillar Põldmaa