Security Risk Management Principles

Course Code: 21CSC308T
Course Name: SECURITY RISK MANAGEMENT PRINCIPLES
Course Category: C PROFESSIONAL CORE
L T P C: 3 0 0 3
Pre-requisite Courses: Nil
Co-requisite Courses: Nil
Progressive Courses: Nil
Course Offering Department: School of Computing
Data Book / Codes / Standards: Nil

Course Learning Rationale (CLR): The purpose of learning this course is to:
CLR-1: understand the fundamental knowledge about Security Risk
CLR-2: understand the various analyses used in Security Risk Management
CLR-3: understand the demand for IS Audit
CLR-4: understand the IT audit and its activities
CLR-5: understand the techniques for implementing security in audit

Program Outcomes (PO): PO-1 Engineering Knowledge; PO-2 Problem Analysis; PO-3 Design/development of solutions; PO-4 Conduct investigations of complex problems; PO-5 Modern Tool Usage; PO-6 The engineer and society; PO-7 Environment & Sustainability; PO-8 Ethics; PO-9 Individual & Team Work; PO-10 Communication; PO-11 Project Mgt. & Finance; PO-12 Life Long Learning.
Program Specific Outcomes (PSO): PSO-1, PSO-2, PSO-3.

Course Outcomes (CO): At the end of this course, learners will be able to:
CO-1: acquire the knowledge on the fundamentals of Risk management
CO-2: acquire the ability to apply various techniques for data collection
CO-3: utilize the principles of data analysis
CO-4: acquire the ability to apply IS audit
CO-5: apply the knowledge gained on auditing methodologies

CO to PO/PSO mapping (- = not mapped):
       PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2 PSO3
CO-1    -   3   -   -   -   -   -   -   -   -    -    2    -    -    -
CO-2    -   -   -   -   -   -   -   -   -   -    -    2    -    -    -
CO-3    -   3   -   -   -   -   -   -   -   -    -    -    -    -    3
CO-4    -   3   -   -   -   -   -   -   -   -    -    2    -    -    3
CO-5    -   3   -   -   -   -   -   -   -   -    -    -    -    -    3

Unit-1 – Introduction to Risk (9 Hours)
Introduction to Risk, Elements of risk, Information Security Risk Management Overview, Information Risk Management Activities, Risk Management and the Security Program, Drivers, Laws, Regulations, Threat Source Leveraging a Vulnerability, Federal Information Security Management Act of 2002 (FISMA), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), ISO 27001, ISO 27005, Risk Management Framework, Practical Approach.
Unit-2 – Data Collection and Planning (9 Hours)
Introduction to data collection, Planning – the essential element, The Sponsors, Characteristics of a good project sponsor, The project team, Factors that decide the size of the project team, Data collection mechanisms, Collectors and Containers, Executive interviews, Questionnaire, Document requests, List of documents for the assessor, IT Assets inventory, Asset Scoping, Asset Scoping – Requirements, Techniques involved in asset scoping, Profile survey, Control survey.
Unit-3 – Data Analysis (9 Hours)
Introduction to data analysis, Compiling Observations, Compiling Observations from Organizational Risk Documents, Format to collect your observations, List of the documents to encounter, Threat Catalog, List of threat catalogs that can be used as references, Sample Threat Catalog, Vulnerability Catalog, Vulnerability Catalog types, Documentation process, Threat-Vulnerability Pairs, Sample Threat and Vulnerability Pairs, Confidentiality, Confidentiality Determination Matrix, Analyzing the Confidentiality Determination Matrix, Developing a Sample Confidentiality Determination Matrix.
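As an added illustration of the Unit-3 workflow (not part of the syllabus or of its textbooks), the Python script below compiles a small constructed threat catalog and vulnerability catalog, forms threat-vulnerability pairs for each inventoried asset, and rates each asset's confidentiality from a constructed determination matrix keyed on the data types the asset handles. The catalog entries, asset names, data-type labels, vulnerability classes and the High/Medium/Low levels are all assumptions made for the example; a real assessment would draw them from a reference catalog and the organisation's own inventory.

```python
"""Threat-vulnerability pairing and a confidentiality determination matrix.

Constructed illustration of the Unit-3 data-analysis steps: compile a threat
catalog and a vulnerability catalog, pair threats with the vulnerabilities they
can exploit on each asset, and rate each asset's confidentiality requirement.
Every catalog entry, asset and level below is an assumption for this example.
"""
from dataclasses import dataclass

# Constructed threat catalog: id -> (description, vulnerability classes the threat exploits)
THREAT_CATALOG = {
    "T01": ("External attacker exploits an unpatched network service", {"patching"}),
    "T02": ("Insider misuses legitimate access to export records", {"access-control", "logging"}),
    "T03": ("Laptop with locally stored data is lost or stolen", {"encryption"}),
}

# Constructed vulnerability catalog: id -> (description, vulnerability class)
VULNERABILITY_CATALOG = {
    "V01": ("Critical patches applied later than 30 days after release", "patching"),
    "V02": ("Shared administrative accounts with no per-user attribution", "access-control"),
    "V03": ("No full-disk encryption on mobile devices", "encryption"),
    "V04": ("Database access not logged", "logging"),
}

@dataclass
class Asset:
    name: str
    data_types: set        # e.g. {"PII", "PHI"}; labels are assumed for the example
    vulnerabilities: set   # ids from VULNERABILITY_CATALOG observed on this asset

# Constructed confidentiality determination matrix: data type -> impact level.
# An asset's rating is the highest level among the data types it handles.
CONFIDENTIALITY_MATRIX = {
    "PHI": "High", "Financial": "High", "PII": "Medium",
    "Internal": "Low", "Public": "Low",
}
LEVEL_ORDER = {"Low": 1, "Medium": 2, "High": 3}

def confidentiality_rating(asset):
    """Look each data type up in the matrix and return the highest level found.
    A data type missing from the matrix is treated as Low instead of raising,
    so an inventory typo neither crashes the run nor silently inflates a rating;
    an asset with no recorded data types is also Low."""
    levels = [CONFIDENTIALITY_MATRIX.get(dt, "Low") for dt in asset.data_types]
    return max(levels, key=lambda lv: LEVEL_ORDER[lv], default="Low")

def threat_vulnerability_pairs(asset):
    """Return (threat_id, vuln_id) pairs for the asset: a threat is paired with an
    observed vulnerability only when it can exploit that vulnerability's class."""
    pairs = []
    for tid, (_, classes) in THREAT_CATALOG.items():
        for vid in sorted(asset.vulnerabilities):
            if VULNERABILITY_CATALOG[vid][1] in classes:
                pairs.append((tid, vid))
    return pairs

def pair_register(assets):
    """Compile the observations into a register with one row per asset and pair,
    ordered so that pairs on High-confidentiality assets come first."""
    rows = []
    for asset in assets:
        rating = confidentiality_rating(asset)
        for tid, vid in threat_vulnerability_pairs(asset):
            rows.append({"asset": asset.name, "confidentiality": rating,
                         "threat": tid, "vulnerability": vid})
    rows.sort(key=lambda r: (-LEVEL_ORDER[r["confidentiality"]], r["asset"], r["threat"]))
    return rows

# Constructed sample inventory for the example
SAMPLE_ASSETS = [
    Asset("patient-db", {"PHI", "PII"}, {"V02", "V04"}),
    Asset("field-laptops", {"PII"}, {"V03"}),
    Asset("public-website", {"Public"}, {"V01"}),
]

if __name__ == "__main__":
    for row in pair_register(SAMPLE_ASSETS):
        print(row)
```

The pairing step is deliberately a filter, not a cross product: listing every threat against every vulnerability produces a register nobody reads, whereas keying threats to the vulnerability classes they exploit keeps only pairs that describe a real exposure on that asset.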
Unit-4 – Information Security Audit (9 Hours)
Demand for IS audit, Auditor Role, Auditee Role, Process of auditing information systems, Preplanning the audit, Audit process, Performing the audit, Hierarchy of internal controls, Gathering audit evidence, Conducting audit evidence, Reporting audit evidence, Strategy planning for organizational control, Issues register, Risk management tools, Distinct types of risk tools, Planning Performance.

246
B.Tech / M.Tech (Integrated) Programmes-Regulations 2021-Volume-11-CSE-Higher Semester Syllabi-Control Copy
Unit-5 – Information Security Audit Analysis (9 Hours)
Detailing Information Security Audit, Purpose of IS Audit, Expectation from IS Auditor, Steps to Conduct IS Audit, Classification of Audit, Traditional Audit, Difference Between Audit and Assessment, Relationship Between Auditor, Auditee and Client and their Duties, SLA Introduction, SLA Components, Auditing Firm Organizational Chart, Auditing Firm functionalities, Policy vs Procedures, Standard vs Guideline, Basic Types of Measurement Metrics, Members of Auditing Committee, Skills Matrix, Example, Audit Evidence, Examples, Direct and Indirect Evidence.

Learning Resources
1. Evan Wheeler, "Security Risk Management", Syngress, ISBN: 97815, 2011.
2. Bruce Newsome, "A Practical Introduction to Security and Risk Management", 2013.
3. David L. Cannon, "CISA Certified Information Systems Auditor Study Guide", John Wiley & Sons, ISBN: 978-0-470-23152-4, 2009.

Learning Assessment
Continuous Learning Assessment (CLA): Formative CLA-1 = average of unit tests (50% weightage); Summative Life-Long Learning CLA-2 (10% weightage). Final Examination: 40% weightage. All Practice columns are "-" (no practice component in this course).

Bloom's Level of Thinking   CLA-1 (50%)        CLA-2 (10%)        Final Examination (40%)
                            Theory  Practice   Theory  Practice   Theory  Practice
Level 1  Remember           15%     -          15%     -          15%     -
Level 2  Understand         25%     -          20%     -          25%     -
Level 3  Apply              30%     -          25%     -          30%     -
Level 4  Analyze            30%     -          25%     -          30%     -
Level 5  Evaluate           -       -          10%     -          -       -
Level 6  Create             -       -          5%      -          -       -
Total                       100%               100%               100%

Course Designers (Experts from Industry / Experts from Higher Technical Institutions / Internal Experts)
1. Mr. Arun A, SRMIST (Internal Expert)
