This course describes the business context in which a cybersecurity professional must function within an organization. Students examine the interplay between business process and cybersecurity issues in mitigating security threats. An overview of audit, compliance, regulation and liability for business security is provided, along with how to construct effective continuity and disaster recovery plans.
Upon completion of the course, students are expected to be able to do the following:
- Manage business decisions affected by changing and diverse external and internal security threats.
- Align security functions to business strategy, goals, mission, and objectives.
- Determine compliance requirements among contractual, legal, regulatory, privacy requirements, and industry standards.
- Outline legal and regulatory issues that pertain to information security in a global context in areas such as cyber-crimes and data breaches, licensing and intellectual property requirements, import/export controls, trans-border data flow, and privacy.
- Identify, analyze, and prioritize business continuity requirements through development of a scope and plan and business impact analysis.
- Implement disaster recovery processes and understand concepts of response, recovery personnel, communications methods, damage assessment, system restoration, and training and security awareness.
- Address security concerns related to personnel safety, travel, security training and awareness, and emergency management.
- Develop a security awareness and training program.