This course introduces students to the best practices for information systems risk management. Students will learn about classes of threats, including the consequences of each threat. Upon successful course completion, students will be able mitigate each of types of threats. This course provides a management perspective on how to protect information infrastructure and assets, utilizing a defense in depth model that emphasizes the role of people, processes, and technology. Information risk management provides decision-makers with the necessary skills to determine information security risk that helps in risk mitigation decisions. This course investigates the existing risk management frameworks, models, processes, and tools to equip students with the theory, science, and practical knowledge to operationalize risk management in private and government agencies. Topics include vulnerabilities and risks, risk identification, risk assessment, prevention, mitigation, recovery, and outsourcing and off-shoring risks. Students will examine cutting-edge risk management science to understand the future of information technology risk management.
MSCS641 Information Systems Risk Management