Information security management – managing a small business security
A1 – Critically discuss the nature and purpose of information security related risk management and business continuity planning in an organization, including the importance of quantifying risks and assessing the costs and benefits of putting in place risk management measures.
A2 – Explain the purpose and role of information security policies in an organization and their relationship to auditing.
A3 – Critically discuss the issues and problems arising in and from the introduction and implementation of information security policies within organizations, strategies for overcoming these, ethical and legal considerations, and mechanisms for ensuring that policies have been successfully embedded in the organization