Information Security Risk Management I

Location: Pittsburgh

Semester Offered: Spring

Cross-listed Courses:

Course Number    Department                          Units
95-455           Heinz College                       6
95-755           Heinz College                       6
14-782           Information Networking Institute    6

This course examines risk management practices and principles to improve information security. The course provides education on information security risk identification, evaluation, and related response decisions given resource constraints. Students will learn foundational concepts in risk management and economic valuation and will be introduced to standard risk management approaches for identifying, analyzing, responding to, and monitoring risks. Both qualitative and quantitative approaches will be examined.

Syllabus

https://api.heinz.cmu.edu/courses_api/course_detail/95-755/

Class format

Lecture and project-based 

Home department

Heinz

Target audience

Students in the Master of Information Systems Management program.

Background required

None

Learning objectives

  • Build on a foundational understanding of risk management to include the definitions of risk, related elements, risk management, response, etc.
  • Identify standards and other literature that provide direction on how to conduct analysis and manage uncertainty. 
  • Implement the OCTAVE Allegro and FORTE process methodologies.
  • Explore the use of other methodologies and tools for risk management. 
  • Research and analyze those factors that are important to the successful implementation of a risk management program within an organization.
  • Develop and justify practical strategies, tools and practices that can lead to an adaptive approach to risk management in a variety of settings, scales, and diverse industry applications.

Faculty and instructors who have taught this course in the past

Adam Cummings, James Stevens