+94 -11- 2581245/ 7

Information Risk Management and Audit

Course IDCourse NameCreditsSemester
MIS1103Security Management and Audit3First

Having completed this course the student will be able to:

  • understand the interactions between security concerns, business objectives and organizational processes.

  • have acquired profound knowledge about some of the existing models, analysis methods and tools for cryptographic protocols/access control/information flow: underlying assumptions, techniques, limitations, relationships.

  • systematically apply methods and techniques to evaluate security risk and ensure compliance with principles of governance.

  • plan and implement a risk management strategy and security audit


Operative risk, Risk tolerance and risk appetite, Risk analysis and vulnerability assessment, Cost/benefit analysis, Communicating risk and developing risk metrics, Identifying risk mitigations, Acceptance Criteria, Internal Control, Audit and Security,