The discipline "Information Security Management" consists of two modules. The first considers how effective management of information security incidents can be established according to international standards, covering the theoretical foundations of IS management, the PDCA model, and the stages of effective information security incident management according to the international standards ISO 27035 and ISO 18044. It also proposes for consideration the features of incident management according to the requirements of the international ITIL standard, the concept of an IS incident response team (CERT / CSIRT), and tools for the effective functioning of IS incident response teams.
Within the framework of the second module, the discipline considers possible formulations of the problems of information risk analysis and management when organizing the information security regime in companies. The international concept of information security is considered, as well as various approaches and recommendations for solving the problems of risk analysis and management. An overview of the main standards in the field of information protection and risk management is given: ISO 17799, ISO 15408, BSI, NIST, MITRE. The relationship between the tasks of security analysis and intrusion detection and the task of risk management is shown. Technologies for assessing the effectiveness of information security in companies are presented.
The purpose of the discipline is to form theoretical knowledge of the basic principles of incident and risk management based on the requirements of international regulators.
The results of studying the discipline are the acquisition of skills in the use of modern software for the evaluation, analysis and protection of information processed in information and communication systems against modern threats and incidents.
- Lecturer: Старкова Ольга Володимирівна