Information security policies, models, mechanisms, and best practices. COBIT, HIPAA, SOX, and ISO standards as applied in an enterprise environment. Detection, prevention, and countermeasures of threats, attacks, exploits, and vulnerabilities. Risk management and analysis. Penetration testing tools and techniques. Computer and network forensics, and access control.