Information security managment – managing a small business security
Critically discuss the nature and purpose of information security related risk management and business continuity planning in an organization, including the importance of quantifying risks and assessing the costs and benefits of putting in place risk management measures.
Explain the purpose and role of information security policies in an organization and their relationship to auditing.
Critically discuss the issues and problems arising in and from the introduction and implementation of information security policies within organizations, strategies for overcoming these, ethical and legal considerations, and mechanisms for ensuring that policies have been successfully embedded in the organization.
Explain and critically evaluate the relevance of standards legislature, certifications and accreditations in the area of information security, the standardization process, and the nature and roles of the various standards organizations.