You must complete all assignments and pass exams for the following fifteen modules:
Improving Key Interpersonal Skills
12. Marketing (Foundations)
Marketing is the cornerstone of most modern businesses. Lack of marketing knowledge is frequently the reason why a good business concept does not succeed. This module deals with all aspects of marketing from presentation and packaging, to advertising and selling, developing in you an acute awareness of what is needed to achieve and maintain a good market share.
13. Computer Networking Foundations
- Networking Terms, Concepts and Standards
- Network Topology, Architecture and Transmission Media
- Network Components and Hardware
- Network Design and Planning
- Network Upgrading and Project Management
- Network Protection and Maintenance
- Understanding Network Connecting Options
- Installation and Configuration of Network
- Basic TCP/IP Services and Applications
- Troubleshooting Tools for TCP/IP Networks
14. Research Project I
The Research Project involves some theoretical studies followed by designing, conducting and writing up research on a relevant topic. Selection of the topic, and progress in this project is monitored and guided by a tutor.
15. Industry Meetings (100 hours)
Industry Meetings involves attendance at committee meetings, seminars, conferences, exhibitions, trade shows, or any other events that are relevant. The student needs to submit documentary proof of attendance (eg. references, testimonials, receipts etc).
A few decades ago, when information technology was not being as widely used as today, organisations were using other traditional and basic methods for supporting their missions, such as pen and papers, letters, folders, written invoices, etc. In today’s digital era, every organisation is still defined by its own mission, but the only difference is that it is highly likely to use information technology systems to process its information, to better support their mission. Risk management is the process of assessing, mitigating and evaluating any risks to the information technology systems of the organisation in order to better support its mission and keep its information and its assets as secure as possible.
If risk assessment fails to identify a particular risk to the IT system of the organisation and that risk strikes at some stage (such as floods, for example), it is highly likely that the organisation will be unable to perform its mission and that it will go out of action for a period of time whereby it wouldn’t be able to conduct its business.
The importance of Risk Management
We have stated in the previous section that risk management is a process that involves three distinct processes which are: assessing the risks, mitigating the risks and evaluating the risks.
Risk management is an important factor for the survival and growth of any organisation or business because it allows IT managers and upper management to balance the operational costs and economic costs of protective measures. By carrying out effective risk management, they can achieve gains in mission capability by protecting the IT systems and data that the support the mission (or missions) of the organisation.
In every well-established organisation, senior management should ensure that the organisation possesses the skills, strengths and capabilities required to accomplish its mission. Before an organisation can achieve its mission, it must first face a number of real world threats and be able to mitigate those threats in order to achieve its mission. It is the task of the mission owners (i.e. the organisation’s senior management) to determine the security capabilities that their IT systems must have in order to provide the desired level of mission support in face of real world threats. This is not always an easy task, because most organisations will have relatively tight budgets for IT security. This means that any spending related to IT security should be thoroughly reviewed to make sure money is being spent efficiently.
Note that risk management is not unique to the IT environment only. It is applied in everybody’s daily lives such as in home security systems whereby a person would invest on a home security system to protect their belongings.
In this section, you will learn about the key players in the risk management process in an organisation and the role that each of those would play in supporting and participating in the risk management process.
1. Senior Management
Senior management has the responsibility of ensuring that the required resources are applied in order to assist the organisation in accomplishing its mission.
Senior management is always focused on the mission of the organisation, and this would involve assessing and incorporating the results from the risk assessment activity into their decision making process. It is important to note that senior management is most likely non-tech savvy, and it is therefore the role of chief technology officers or chief information officers in the organisation to translate the technical requirements and technical analysis into simpler terms, without employing much technical jargon, so that senior management would understand what’s going on and plan accordingly.
2. Chief Technology Officer (CFO) and/or Chief Information Officer (CIO)
The role of chief technology officers and chief information officers in an organisation is not only limited to liaising with senior management and explaining to them what’s going on with regards to the IT systems and security measures being implemented. That’s because the CIO and/or CTO in an organisation is responsible for the planning, budgeting and performance of the information technology systems of that organisation. Any decisions made by the CTO and the CIO should be based on the risk management program implemented in that organisation.
3. System owners and information owners
System owners and information owners are people responsible for preserving the integrity and confidentiality of the information technology systems as a whole, as well as the data they own. They are also responsible for the availability of the IT systems and their own data. This means that the system and information owners are responsible for any changes implemented to their information technology systems such as major enhancements and changes to the IT systems, including changes to the hardware and software components.
4. Business Managers
Business managers and functional managers are responsible for the information technology procurement process and are therefore active players in the risk management process. The business and functional managers in an organisation hold the power and authority to make decisions to aid the organisation to accomplish its mission. They have the responsibility to ensure the organisation’s mission is accomplished with minimal expenditure of resources, while maintaining the appropriate security level for IT systems.
5. Information Technology Engineers, Administrators and Security Practitioners
Information technology security practitioners include but are not limited to network engineers, network administrators, IT systems engineers, IT systems administrators, computer specialists, security analysts, application administrators, database administrators, and security consultants. The main responsibility for these people is to ensure that the security requirements of their IT systems are properly implemented.
As organisations grow in size, and expand their facilities and IT infrastructure (such as expanding the network, modifying the existing infrastructure, implementing new policies in the organisation or introducing new technologies), information security practitioners should work on identifying new potential risks to the IT systems, and implementing new security controls to protect those systems.