Chat with us, powered by LiveChat

Explain the purpose and role of information security policies in an organization and their relationship to auditing.

Assessed intended learning outcomes

On successful completion of this assessment, you will be able to:
A1 – Critically discuss the nature and purpose of information security related risk management and business continuity planning in an organization, including the importance of quantifying risks and assessing the costs and benefits of putting in place risk management measures.

A2 – Explain the purpose and role of information security policies in an organization and their relationship to auditing.

A3 – Critically discuss the issues and problems arising in and from the introduction and implementation of information security policies within organizations, strategies for overcoming these, ethical and legal considerations, and mechanisms for ensuring that policies have been successfully embedded in the organization.

Assessment Brief 2

A4 – Explain and critically evaluate the relevance of standards legislature, certifications and accreditations in the area of information security, the standardization process, and the nature and roles of the various standards organizations.