This course covers the principles and techniques of information systems security to help management mitigate the risks of unauthorized access by employees and external parties as well as the risks of accidental leakage or destruction of important information. Topics include information systems risks, internal controls, security policies and standards, incident management, network security, cryptography, application security and disaster recovery planning. There will be an emphasis on protecting electronic commerce applications and data. The course would also be helpful to those who want to write the examination for the Certified Information Systems Security Professional or Certified Information Security Manager designation.