Information Security Governance

ECTS: 6
Course Description:
This course focuses on managing the security and privacy of Information Systems (IS). The main phases of implementing an ISMS (Information Security Management System) are described. The requirements of the information security management and evaluation standards (e.g. ISO 27001, ISO 27002, ISO 15408, ETSI TVRA) are presented, as are the main steps of risk assessment / risk management methodologies (e.g. OCTAVE, CRAMM, ISO 27005, ISO 18045). The second part examines the governance of information security, including the evaluation of how security and business continuity standards (e.g. ISO 22301) are implemented in line with the business needs of the organization. For this purpose COBIT 5 is presented, in particular its goals cascade, which translates stakeholder and operational needs into enterprise goals and then into IT-related goals.

More specifically, this course covers the following topics:
• Basic concepts and terminology
• Risk Assessment Standards
• Methodologies and Risk Management Tools
• Security Policies and Procedures
• Security Auditing and Certification
• Implementing Legal and Policy Requirements
• Business Continuity
• Incident Handling
• Supply Chain Security
• Tools for Supply Chain Risk Assessment
Scope of the course: The aim of the course is for students to become familiar with:
• security management standards and tools
• risk assessment methodologies and tools
• standards and procedures for business continuity and disaster recovery
• audit and security certification

Labs: CRAMM, eBIOS, MITIGATE

Course Coordinator: Despoina (Nineta) Polemi