This course covers the principles and techniques of information systems security to help management mitigate the risks of unauthorized access by employees and external parties as well as the risks of accidental leakage or destruction of important information. Topics include information systems risks, internal controls, security policies and standards, incident management, network security, cryptography, application security and disaster recovery planning. There will be an emphasis on protecting electronic commerce applications and data.