Official Course Description: MCCCD Approval: 07/22/08
ITS171 20046-20086	LEC	1 Credit(s)	1 Period(s)
Information Security Risk Management
Examination and assessment of risk management in an information technology environment. Identification and valuation of organizational assets. Risk identification to include types of threats and exposures to loss. Risk mitigation techniques, documentation methods and regulatory requirements. Prerequisites: ITS110.

Go to Competencies    Go to Outline
 

MCCCD Official Course Competencies:
ITS171   20046-20086	Information Security Risk Management

1.	Identify organizational assets. (I)
2.	Valuate and prioritize organizational assets. (I)
3.	Describe common causes of loss. (II)
4.	Describe risk mitigation techniques, documentation requirements and regulatory standards. (III)

Go to Description    Go to top of Competencies
 

MCCCD Official Course Outline:
ITS171   20046-20086	Information Security Risk Management

I. Identification and Prioritization of Assets A. Identifying assets by understanding a business plan B. Costs of system downtime C. Prioritizing systems and assets D. Calculating expected losses E. Justifying costs for securing assets F. Review of systems and audits G. Resource priorities by organizational structure II. Risk Identification A. Man-made threats 1. Viruses 2. Script Kiddie 3. Trojan Horses and malware 4. Inside and outside attacks B. Natural Disasters 1. Tornadoes, hurricanes, fires, and floods 2. Power outages and infrastructure malfunctions C. Technology Assets at Risk 1. Network resources 2. Server resources 3. Data resources III. Risk Management and Documentation A. Risk mitigation techniques B. Recording system vulnerabilities and corrective actions C. Essential documentation D. Policies and procedures and industry standards E. Legal, ethical, and fiduciary issues applicable to risk management

Go to Description    Go to top of Competencies    Go to top of Outline