Introduction to Information Security Management Systems provides the student with a solid foundation in the key elements that constitute information security management. The primary goal of this course is to provide students with an overview of the technology, planning and organizational issues associated with implementing information security systems. There are multiple objectives for each semester that rely on the outcome of each group of courses. This course is part of a sequence of academic courses designed to prepare students for the responsibilities of Information Security Management. The sequence begins with Information Security Management Consultation, continues with Fundamentals of Information Security Management, and concludes with the master’s degree in information security management.
Information security management systems are designed to protect the confidentiality, integrity and accessibility of information. The primary goals of this course are to provide the student with an overview of the technology needed to protect information from security risks, and how these systems work. Students will also be introduced to the legal and ethical issues surrounding information security management systems. This course can be self-directed or instructed in a classroom setting.
An overview of the history of information security management systems begins with a brief discussion of the evolution of computer security. Then, the various theories of security are discussed, including deterrence, prevention, and detection. The emphasis in this segment of the course is to familiarize the student with the various theories and concepts used in information security management systems. It is necessary for the student to understand that the security of a system cannot be guaranteed through total security. Various techniques such as login authentication, email security, firewall security, anti-spyware security, and anti-virus protection are discussed.
A detailed look at the various forms of security is then given, beginning with corporate information security management. This segment focuses on protecting corporate data from security threats such as hackers. The importance of information security management is highlighted in that it involves identifying, prioritizing, monitoring, correcting, and preventing security threats. A survey is conducted to determine if the company has a good or bad security environment. The results are presented in terms of percentage of security threats versus the amount of security breached in each security environment.
A discussion is then held on the benefits of securing a network. The benefits of securing a network are presented in the context of cost savings and efficiency of the network. The benefit of a highly secured system over a less secure system is determined by calculating the amount of time it would take for a security threat to compromise a system with a lower amount of security and the amount of money it would cost to implement a fully functional network security system with higher security measures. Security threats are presented in terms of what the business is facing directly and indirectly.
Finally, a short overview of information security management theory is given, reviewing the relationships among information security management theory, threats, and standards. It is hoped that this introductory course has been able to set out the basic framework upon which businesses can build their IT systems. It is hoped that businesses can be encouraged to take action to improve their information security posture. With regard to this, the report of the House of Commons Select Committee on Information Security and Cyber Crime recommended that: “the Government should work with industry to develop the next stage of the National Data Protection Strategy, which will provide businesses with the best available security advice to keep your business and your information secure”.