This course examines the strategic enterprise security analysis and planning process. This process begins with an examination of an enterprises goals and how security adds value. It proceeds through vulnerability, threat, and risk analysis. Issues related to risk response and policy generation are also covered. These issues are examined with in an enterprise's ethical and legal context.
Students are introduced to formal threat, vulnerability, and risk analyses methodologies. Formal methodologies enable an enterprise to demonstrate that its informational assets are secured in a prudent and cost effective manner.
Students utilize the NSA's IAM to perform an INFOSEC Assessment. Students also learn to analyze and construct appropriate security policies and procedures. Related subjects include security planning, security process models, as well as business continuity planning and disaster recovery planning.