This course examines the principles of Risk Management and Response by delving into what risk management is in relation to information security, and how organizations respond to risk. The course will examine the need for risk management and how the tools 'analysis and assessment' are employed to identify risk that affects an organization’s information systems. The course will then examine how organizations respond to identified risks with the contingency planning tools: Business Impact Analysis, Incident Response, Disaster Recovery, and Continuity of Business. A key element is learning to effectively communicate cybersecurity risk and response to stakeholders.

Prerequisites: Cybersecurity Management 301 and Cybersecurity Management 303 and Cybersecurity Management 305 and 2nd year standing required
Corequisites: Academic Integrity Training 100
Further information: Course availability and times