3 credit/unit hours – Three hours of lecture weekly; one term

This course explores multidisciplinary and applied approaches to managing information security risk. Students examine technical, social, economic, legal, and political risks and implement strategies to remove not only these risks, but communication barriers between strategic, operational, and tactical level decision makers.

This course also covers related government and industry regulations and standards, as well as effective practices frequently used to assess, analyze, and manage cybersecurity risks. Traditional cybersecurity risk management techniques are discussed alongside emerging strategies and topics such as the Internet of Things (IoT) and Cloud systems.

Learning Objectives

Upon completion of this course the learner will be able to:

  • Inventory an organization’s most critical information assets;
  • Assign a data owner and custodian to an information asset;
  • Assign classification values to critical information assets;
  • Evaluate risk management models for use in their own organization;
  • Perform a complete risk assessment; and
  • Prioritize risk remediation efforts as a result of performing a risk assessment

Main Topics

1.0 Cybersecurity risk is business risk

2.0 Identifying the threats to an organization

3.0 Identifying important business systems and assets

4.0 The crucial role of leadership in managing cyber risk

5.0 Understanding your technology

6.0 Cyber risk and the law

7. 0 Incident response and accountability

8.0 Designing and implementing a mitigation strategy