Enterprise Information Security and Risk Management (ESS)

| Academic Year | Class No. | Description | Section | Start Date | End Date | Location/Format |
|---|---|---|---|---|---|---|
| AY07-08 | 1104 | ESS | 07 | 9/15/2008 | 12/1/2008 | Distributed Learning |
| AY07-08 | 1105 | ESS | 08 | 9/22/2008 | 9/26/2008 | Fort McNair, DC / e-Resident |
| AY08-09 | 1163 | ESS | 01 | 11/17/2008 | 11/21/2008 | Fort McNair, DC / e-Resident |
| AY08-09 | 1164 | ESS | 02 | 1/12/2009 | 4/3/2009 | Distributed Learning |
| AY08-09 | 1165 | ESS | 03 | 1/26/2009 | 1/30/2009 | Fort McNair, DC / e-Resident |
| AY08-09 | 1166 | ESS | 04 | 5/4/2009 | 5/8/2009 | Fort McNair, DC / e-Resident |
| AY08-09 | 1167 | ESS | 05 | 5/4/2009 | 7/24/2009 | Distributed Learning |
| AY08-09 | 1168 | ESS | 06 | 7/20/2009 | 7/24/2009 | Fort McNair, DC / e-Resident |
| AY08-09 | 1169 | ESS | 07 | 9/14/2009 | 9/18/2009 | Fort McNair, DC / e-Resident |
| AY08-09 | 1170 | ESS | 08 | 9/21/2009 | 12/11/2009 | Distributed Learning |

Course Description:
This course examines the practical challenges of assessing and managing information security risks when developing an enterprise information security program.  Based upon OMB, NIST, and DOD risk management guidance, the course addresses the key components of an organization’s information security program including the identification, assessment, mitigation, and acceptance of risk.  The course builds upon fundamental information assurance concepts and information security technology, integrating them into scalable, practical working solutions for defending the enterprise.  Security program components, including configuration, incident, system lifecycle, and acquisition are examined from a risk management perspective.  Other topics include program and system security planning, risk assessment, policy, control/countermeasure selection, and continuous performance measurement and monitoring.

Recommended Attendance:
This course is appropriate for managers and practitioners who require a practical perspective on the management of an enterprise information assurance program. 

Prerequisites:
None; however, students should take this course as the last course in the NSTISSI No. 4011 Certificate.

Learning Outcomes:
Students will be able to recommend an information security program strategy and structure based upon their assessment and management of risks.