Information+Security+I+-+A+Managerial+Perspective

=**Information Security I - A Managerial Perspective**= Sunday, November 20, 2011 <>

Topic overview:
Information Security is a management problem first and a technical problem second. Fortunately, effective information security management is primarily an exercise in risk management, which is a relatively straightforward and well-understood area of management practice.

In class today we will look at the fundamentals of Information Security and a risk management-based approach to identifying and mitigating information security threats. This will be a minimally technical talk that is intended to provide perspective for analyzing information security technologies and managing the kinds of information security risks that you are likely to encounter in a business setting. We will explore a variety of emerging information technologies related to information security (and security in general) in the following class.

By the end of today's class you should be able to:
 * Explain why information security is a management issue first and a technology issue second.
 * Apply simple risk management techniques and frameworks to uncover the largest information security risks in an organization, and to focus your information security resources appropriately.
 * Explore the information security technologies and techniques we will cover in Tuesday's class in the management and technical context.

**Preparation for class:** Prior to class on Sunday you need to download and read the following paper from Blackboard's Course Documents Section:
 * [AD03] Robert Austin and Christopher Darby, The Myth of Secure Computing, Harvard Business Review, June 2003.

This paper was distributed in hard-copy in class. Due to copyright restrictions it is not posted on this website or on Blackboard's digital reserve section. If you did not receive a copy please see the instructor to get one.

**Reference materials:**
Slides:

**Pre-class exercise:** There is no required pre-class exercise today.