Information Systems Security Management

Conceptual foundation: assets, threats, vulnerabilities, risk, availability, integrity, confidentiality. Managing information security in the digital era. Information security governance frameworks for organizations: ISO 27001, COBIT and other security standards (ISO 27002, ISO 27005). Information security risk assessment and management: information security requirements, risk analysis methods (OCTAVE, CRAMM, SBA scenario). Information security countermeasures: security policies and regulations, access control and authentication policies, advanced authorization policies, network security policies. Users' compliance with information security policies: relevant research and non-compliance factors, social engineering, personal internet use at the workplace, password behavior. Business continuity management, IT disaster recovery planning. Personal data protection directives and regulation.
Code: ΗΥ360
Hours: 4
Type: Compulsory I.S
eClass: e-Class
Semester: 8

Bibliography:

  • “Διαχείριση Ασφάλειας Πληροφοριών”, Σωκράτης Κάτσικας
  • “Ασφάλεια Πληροφοριακών Συστημάτων”, Σωκρ. Κάτσικας - Δ. Γκρίτζαλης - Στεφ. Γκρίτζαλης