The last decade's rapid acceleration of network technology and the unparalleled growth of the Internet have increased the risks to information and systems. Continuous advances in technology, and the relative ease with which people can access, manipulate, and store information, have further compounded those risks, especially as organizations and societies have become heavily dependent on information and systems for survival.
This course explores the world of technology and information security from a risk management perspective. Through an understanding of history and an examination of trends in today's technology landscape, the course investigates the sources of risk and their business implications. Practical, hands-on methodologies for handling risk are covered, as well as the process of reviewing and developing security management plans and governance frameworks.
Outline
Week 1: Overview of Risk Management, Security, and Governance
overview of risk management and its life cycle
business implications of security management, including risk and opportunity management (costs and benefits)
understanding and reviewing risk management frameworks, standards, and practices
Week 2: Overview of Risk Management, Security, and Governance
essentials of risk governance and legislation
roles and responsibilities for security risk management
articulating clear goals for enterprise risk management
Week 3: Identifying Sources of Risk
understanding residual risks as well as threats, vulnerabilities, and organizational assets
knowledge of different types of security threats and attacks
physical versus logical security
network, database, and application-level security
Week 4: Identifying Sources of Risk
understanding security risks in enterprise processes and employees
emerging sources of risk: outsourcing, cloud, critical infrastructure, and cyber security
technology projects, the SDLC, and security risk planning
Week 5: Dealing with Security Risks
anatomy of security threats and attack modelling
security and the risk management life cycle
quantitative vs. qualitative risk methodologies
technical and non-technical risk management (security policies, standards, guidelines, and governance)
Week 6: Dealing with Security Risks
mitigation strategies and developing response plans (IRP, DRP, and BCP)
technology projects, the SDLC, and security risk design and management
developing security in depth
Week 7: Ongoing Management of a Secure Enterprise
review of your risk and security management program
review of security policies, standards, guidelines, and procedures
review of security and enterprise governance frameworks
Week 8: Ongoing Management of a Secure Enterprise
documentation of lessons learned
security awareness, training, and education
Objectives
By the end of this course, students should be able to:
Explain risk, the concept of risk management and how it may impact individuals and organizations.
Recognize potential sources of risk, whether on personal or corporate networks.
Analyze risks and understand steps to develop risk assessments.
Understand best practices and methods to combat risks, vulnerabilities, and threats.
Conduct an analysis of how information security risks impact businesses.
Develop plans to respond to security incidents and recover from related disasters.
Evaluation
Grading will be based on weekly Think Tank discussions / assignments (participation), and a final report.
To receive a passing grade in this course, you must meet these minimum standards:
receive a minimum of 60% on the participation component (i.e., discussions in Think Tanks and assignments); and
receive an average grade of 60% over all course components.
Marks for this course will be distributed as follows:
Assignment 1: 30%
Assignment 2: 10%
Assignment 3: 20%
Participation in Think Tanks (Discussions): 40%
Total: 100%
Materials
Gibson, D., & Igonor, A. (2021). Managing risk in information systems (3rd ed.). Burlington, MA: Jones and Bartlett Learning. (Print)
Dempsey, T. (2015). Navigating the digital age: The definitive cybersecurity guide for directors and officers. Chicago, IL: Caxton Business & Legal, Inc. (Print)
Additional readings are provided in the course Digital Reading Room.
Athabasca University reserves the right to amend course outlines occasionally and without notice. Courses offered by other delivery methods may vary from their individualized study counterparts.