Data and information are among an organizations most valuable assets. Preserving them through effective information risk management is, therefore, an essential task along with other risk management areas such as currency hedging. This course will provide students with a comprehensive understanding of the concepts that underlie effective information security management including confidentiality, integrity, availability, vulnerabilities, threats, risks, and countermeasures. Historical approaches to security and risk management have become increasingly inadequate. Consequently, the evolution of methodologies focusing on software risk management at the enterprise level is receiving increasing attention and the need for comprehensive risk management programs has become a necessity. In addition to the legislation and regulations that impact information security, the course will teach standards and frameworks, both technical and economic, which facilitate efficient information security.pre-rec: INFO 301.