Foundations of Information Security Management for Non‑Technical Professionals: a management perspective

This material structures managerial aspects of information security without technical deep dives. Focus on roles, policies, risk, standards, and metrics.
Foundations and Practice of Information Security Management for Non‑Technical Professionals
Platform: UDEMY
Partner courses:
Language of course: English
Subtitles: English
Difficulty: Initial
Format of the event: Video lectures
Certificate: Yes
Price: $74.99

Course overview

Description generated based on course syllabus and open data.

The material covers the foundations and practice of information security management for non‑technical professionals: terminology, roles, policies, risk, controls, and metrics within security governance and cybersecurity.

Who the course suits among non‑technical roles in information security management, and who it does not

Suitable (non‑technical roles in ISM)

  • Managers and leaders without a technical background who are responsible for information security.
  • Business process owners, risk and compliance managers.
  • IT leaders coordinating policies and controls.
  • Data protection officers, CISO assistants, audit coordinators.

Not suitable (when deep technical detail is required)

  • Those seeking engineering‑level configuration details of security tools.
  • Developers needing secure coding practices with code examples.
  • SOC/DFIR specialists requiring tool‑level incident response methods.

Problem → outcome in information security management (for non‑technical roles)

  • Fragmented requirements and policies → aligned security governance and control framework.
  • Unclear roles and responsibilities → defined asset, process, and control ownership.
  • Unidentified risks → prioritized risk register and treatment plan.
  • Lack of metrics → baseline KPI/KRI set for IS monitoring.
  • Ad‑hoc initiatives → PDCA cycle and continuous improvement.

Comparison with alternatives in IS management

  • Self‑study of standards (ISO/IEC 27001, NIST CSF) — comprehensive theory; interpretation needed for non‑technical roles.
  • Technical engineer‑focused courses — deep technologies; less emphasis on policies, roles, and management processes.
  • External consulting — point recommendations; may not provide a holistic view of IS management foundations and practices.

Outcomes and competencies in the basics of information security management

  • Understanding of roles and responsibilities: asset owner, CISO, controller, process manager.
  • Familiarity with policy management principles, procedures, and control activities.
  • Basic approaches to risk assessment, risk register, and treatment plans.
  • Overview of ISO/IEC 27001, ISO/IEC 27002, NIST CSF, and related compliance requirements.
  • Metrics and reporting: KPI/KRI, thresholds, dashboards for managerial decision‑making.
  • Continuous improvement processes (PDCA) aligned with business objectives.

Course Description

Learn the Fundamentals of Information Security Management for Non-Techies.

