Security and Risk Management (ERMS) 690

Overview

The last decade’s rapid acceleration of network technology and the unparalleled growth of the Internet have led to increased risks to information and systems. Continuous advancements in technology and the relative ease with which people are able to access, manipulate, and store information has further compounded such risks, especially with organizations and societies heavily dependent on information and systems for survival.

This course explores the world of technology and information security from a risk management perspective. Through an understanding of history and the examination of trends in today’s technology landscape, the course investigates the sources of risk and its business implications. Practical hands-on methodologies on the handling of risks are covered, as well as the process of reviewing and developing security management plans and governance frameworks.

Outline

Week	Topic
1	Overview of Risk Management, Security, and Governance: overview of risk management and its life cycle business implications of security management, including risk and opportunity management (costs and benefits) understanding and reviewing risk management frameworks, standards, and practices
2	Overview of Risk Management, Security, and Governance: essentials of risk governance and legislation roles and responsibilities for security risk management articulating clear goals for enterprise risk management
3	Identifying Sources of Risk: understanding residual risks as well as threats, vulnerabilities, and organizational assets knowledge of different types of security threats and attacks physical versus logical security network, database, and application-level security
4	Identifying Sources of Risk: understanding security risks in enterprise processes and employees emerging sources of risk: outsourcing, cloud, critical infrastructure, and cyber security technology projects, the SDLC, and security risk planning
5	Dealing with Security Risks: anatomy of security threats and attack modelling security and the risk management life cycle quantitative vs. qualitative risk methodologies technical and non-technical risks management (security policies, standards, guidelines and governance)
6	Dealing with Security Risks: mitigation strategies and developing response plans (IRP, DRP, and BCP) technology projects, the SDLC and security risk design and management developing security in depth
7	Ongoing Management of a Secure Enterprise: review of your risk and security management program review of security policies, standards, guidelines, and procedures review of security and enterprise governance frameworks
8	Ongoing Management of a Secure Enterprise: documentation of lessons learned security awareness, training, and education

Objectives

By the end of this course, students should be able to:

1. Explain risk, the concept of risk management and how it may impact individuals and organizations.
2. Recognize potential sources of risk, whether on personal or corporate networks.
3. Analyze risks and understand steps to develop risk assessments.
4. Understand best practices and methods to combat risks, vulnerabilities, and threats.
5. Conduct an analysis of how information security risks impact businesses.
6. Develop plans to respond to security incidents and recover from related disaster.

Evaluation

Grading will be based on weekly Think Tank discussions / assignments (participation), and a final report.

To receive a passing grade in this course, you must meet these minimum standards:

• receive a minimum of 60% on the participation component (i.e., discussions in Think Tanks and assignments); and
• receive an average grade of 60% over all course components.

Marks for this course will be distributed as follows:

Activity	Weight
Assignment 1	30%
Assignment 2	10%
Assignment 3	20%
Participation in Think Tanks (Discussions)	40%
Total	100%

Materials

Physical course materials

The following course materials are included in a course package that will be shipped to your home prior to your course’s start date:

Gibson, D., & Igonor, A.  (2021). Managing risk in information systems (3rd ed.). Burlington, MA: Jones and Bartlett Learning.

Dempsey, T. (2015). Navigating the digital age: The definitive cybersecurity guide for directors and officers. Chicago, IL: Caxton Business & Legal, Inc.

Additional readings are provided in the course Digital Reading Room.

Important links

• Graduate Diploma in Management (GDM)
• Contact an Advisor
• Master of Business Administration
• Accelerated MBA for Executives
• MBA for Accountants
• MBA for Health Leaders
• MBA for Supply Chain Management