Topic 1: Introduction to Information Security Management.
- The strategic importance of information and digital assets.
- The information security management process.
- Definition of security policies, plans, and procedures.
- Information Security Professionals: competencies, training, and certifications.

Topic 2: Risk Analysis and Management.
- The process of risk identification, analysis, and evaluation.
- Review of major vulnerabilities and types of attacks on computer systems.
- Risk treatment.
- MAGERIT methodology.
- The model proposed by ISO 31000.

Topic 4: Security Audits and Incident Response.
- The information security audit process.
- Security incident management.