Course overview
The course Information Risks, Threats, & Controls consider a broad perspective of organisational vulnerabilities of the digital age, including Enterprise Risk Assessment. Topics addressed include recognition, analysis, and synthesis of risks, threats, and vulnerabilities, and measures to mitigate them, including policy, control, and implementation. Risk management and assurance are critical to all aspects of all businesses and on a broad level. While this course acknowledges the need to recognise and analyse risks, threats, and vulnerabilities across and within the various disciplinary structures of an organisation, (including fiscal risk, brand and reputation, production, operations, legal, and OH&S) it does so from the perspective of the responsibility for Information and Cyber Security plans to support and ensure the risk management of other departments and disciplines. The focus, throughout, is specifically on Information & Cyber Security and Data Privacy.
Course learning outcomes
- Effectively communicate the differences between risk, threat and vulnerabilities, how they interrelate, and the principal means of recognising them.
- Identify and communicate to clients the different types of risks and their nature, across the various core business functions and processes.
- Demonstrate different methods of conducting risk analyses and impact assessments.
- Detail the core requirements of an Information Risk Assurace process for an SME and for a corporation or large business.
- Develop an Information Security Framework for a specified business.