Summary of CST339/CST233 INFORMATION SECURITY MANAGEMENT AND ASSURANCE

CST339/CST233 INFORMATION SECURITY MANAGEMENT AND ASSURANCE

This course exposes to the students the fundamentals of information security and assurance in modern organization. Student also will be introduced to the principles and planning techniques and development of managerial strategy for information security and assurance. It can be noted that information security in modern organization is management problem and not only the solution in the context of technology. In the planning and information security development aspects, students will be exposed to the planning for information security, planning for contingency, information security policy, the development of security programs.
In addition, models and practices of security management also will be explained. For the information security risk management, students will be exposed to the identification, evaluation, and information security risk management control. Student will be also exposed to the information security protection mechanism that is currently used. Student will be explained on information on human resources, the need of SETA (security education, training, and awareness), also the legal and ethics related to the information security management.

Lecturer: MOHD NAJWADI BIN YUSOFF @ ABDUL RAHMAN TS. DR.
Lecturer: SHANKAR A/L KARUPPAYAH TS. DR.

Skill Level: Beginner

General

Announcements

Course Planner

Coursework Marks and Grades

Lecture Notes

01 - Introduction to the Management of Information Security

02 - Compliance - Law and Ethics

03 - Governance and Strategic Planning for Security

04 - Information Security Policy

05 - Developing The Security Program

06 - Risk Management: Assessing Risk

06 - Recorded Lecture - Part 3

07 - Risk Management: Treating Risk

Recorded Chapter 7 - Part 1

Recorded Chapter 7 - Part 2

08 - Security Management Models

Recorded Chapter 8 - Part 1

Recorded Chapter 8 - Part 2

09 - Security Management Practices

Recorded Chapter 9 - Part 1

Recorded Chapter 9 - Part 2

10 - Planning for Contingencies

Recorded Chapter 10 - Part 1

Recorded Chapter 10 - Part 2

11 - Security Maintenance

12 - Protection Mechanisms

Recorded Chapter 12 - Part 1

Recorded Chapter 12 - Part 2

Recorded Chapter 12 - Part 3

Tutorials

Tutorial 1

Tutorial 1 Submission

Tutorial 2

Tutorial 2 Submission

Tutorial 3

Tutorial 3 Submission

Tutorial 4

Tutorial 4 Submission

Tutorial 5

Tutorial 5 Submission

Tutorial 6

Tutorial 6 Submission

Tutorial 7

Tutorial 7 Submission

Tutorial 8

Tutorial 8 Submission

Tutorial 9

Tutorial 9 Submission

Tutorial 10

Tutorial 10 Submission

Assignments

Assignment 1

Assignment 1 Grading Rubric

Report Submission (10%)

Slide Submission (5%)

Assignment 2

Assignment 2 - Rubrics

Report Submission (10%)

Slide Submission (5%)

Additional Materials

Malaysia Cyber Security Strategy 2020-2024

Modus Operandi Scam - Jabatan Siasatan Jenayah Komersil (JSJK)

Information Security Plan Template (Example)

Kilgore College's Information Security Plan

The University of Iowa's Information Security Plan

The Implementation of the Cyber Security Concept of the Slovak Republic

Information Security Strategic Plan - Minnesota IT Services

Michigan Technological University's Information Security Plan

SysArmy - Global Threat Intelligence Report

Accenture - Cyber Threat Intelligence Report

IBM - X-Force Threat Intelligence Index 2022

CrowdStrike - Global Threat Report 2022

The McAfee Consumer Mobile Threat Report 2022

FORTINET - Global Threat Landscape 2022

INTERPOL ASEAN Cyberthreat Assessment 2021

NIST SP 800-220 - Fiscal Year 2021 Cybersecurity and Privacy Annual Report

NIST SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems

NIST SP 800-100 - Information Security Handbook: A Guide for Managers

CST339/CST233 INFORMATION SECURITY MANAGEMENT AND ASSURANCE