CSS 230: Managing Risk in Information Systems

Course Description

This course will focus on the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis, business continuity plan, and disaster recovery plan will also be discussed. (3 credits)

Prerequisites

  • ITE 145: Fundamentals of Information System Security
  • ENG 101: English Composition 1

Student Learning Outcomes (SLOs)

Upon completion of the course, the students will be able to:

  1. Describe components of and approaches to effective risk management in an organization.
  2. Describe techniques for identifying, analyzing, and mitigating relevant threats, vulnerabilities, and exploits.
  3. Identify compliance laws, standards, best practices, and policies of risk management.
  4. Describe components of and approaches to effective risk assessments in an organization.
  5. Identify assets and activities to protect within an organization.
  6. Identify risk mitigation security controls and develop a risk mitigation plan.
  7. Perform a business impact analysis.
  8. Perform business continuity, disaster, and incident response planning.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading

AssignmentsWeight

Discussions

20%

Written Assignments

10%

Quizzes

15%

Projects

30%

Final Exam

25%

Total

100%

Required Textbooks

Available through Charter Oak State College's online bookstore

  • Gibson, Darril and Igonor, Andy. Managing Risk in Information System - with Access Code. 3rd ed. Burlington, MA: Jones & Bartlett, 2022. ISBN-13: 978-1284183719
    • Note: This is a bundle which includes the textbook and the Access Code required for this course. We discourage students from purchasing “used” materials from other sources due to access codes not working properly.

Additional Resources

The following books are suggested but not required.

  • Landoll, Douglas J., Information Security Policies, Procedures, and Standards: A Practitioner's REference, 1st ed., 2016, ISBN-13: 978-1482245899
  • Greene, Sari, Security Program and Policies: Principles and Practices, 2nd ed., 2014, ISBN 13: 978-0789751676
  • Zaffar, Ehsan, Understanding Homeland Security: Foundations of Security Policy, 1st ed., 2019, ISBN 13: 978-0367259044

Links and readings will be provided in the Course Documents and Webliography sections on Blackboard.

Course Schedule

Week

SLOs

Readings and Exercises

Assignments

1

1, 2

Topics: Risk Management Fundamentals and Threat Management

  • Readings:
    • Chapter 1: Risk Management Fundamentals
    • Chapter 2: Managing Risk: Threats, Vulnerabilities, and Exploits
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignment
    • Evaluating Risk Handling Strategies
  • Complete Week 1 Lab (Optional)
    • Identifying and Exploiting Vulnerabilities

2

3

Topic: Understanding and Maintaining Compliance

  • Readings:
    • Chapter 3: Understanding and Maintaining Compliance
  • Read assigned chapter
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Project Part 1
    • Risk Management Plan Outline and Research
  • Complete Week 2 Lab (Optional)
    • Conducting a PCI DSS Compliance Review

3

1

Topic: Developing a Risk Management Plan

  • Readings:
    • Chapter 4: Developing a Risk Management Plan
  • Read assigned chapter
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Quiz 1
  • Complete Week 3 Lab (Optional)
    • Preparing a Risk Management Plan

4

4

Topic: Key Components of Risk Assessment

  • Readings:
    • Chapter 5: : Defining Risk Assessment Approaches
    • Chapter 6: Performing a Risk Assessment
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Project Part 2
    • Risk Assessment Plan
  • Submit Week 4 Assignment
    • Risk Assessment Approaches
  • Complete Week 4 Lab (Optional)
    • Performing a Risk Assessment

5

5

Topic: Strategies for Mitigating Risk

  • Readings:
    • Chapter 7: Identifying Assets and Activities to Be Protected
    • Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits
    • Chapter 9: Identifying and Analyzing Risk Mitigation Security Controls
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Project Part 3
    • Risk Mitigation Plan
  • Complete Quiz 2
  • Complete Week 5 Labs (Optional)
    • Creating an IT Asset Inventory
    • Managing Technical Vulnerabilities

6

6

Topics: Business Impact Analysis and Continuity Planning

  • Readings:
    • Chapter 10: Planning Risk Mitigation Throughout an Organization
    • Chapter 11: Turning a Risk Assessment into a Risk Mitigation Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Quiz 3
  • Complete Week 6 Labs (Optional)
    • Developing A Risk Mitigation Plan
    • Implementating a Risk Mitigation Plan

7

7, 8

Topics: Disaster Recovery, Incident Response Team, and Plan

  • Readings:
    • Chapter 12: Mitigating Risk With a Business Impact Analysis
    • Chapter 13: Mitigating Risk with a Business Continuity Plan
    • Chapter 14: Mitigating Risk With a Disaster Recovery Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Project Part 4
    • Busines Impact Analysis (BIA) and Business Continuity Plan (BCP)
  • Submity Week 7 Assignment
    • Application of Risk Management Techniques
  • Complete Week 7 Lab (Optional)
    • Performing a Business Impact Analysis

8

1-8

Topics: Course Review and Final Examination

  • Readings:
    • Chapter 15: Mitigating Risk With a Computer Incident Response Team Plan
  • Read assigned chapter
  • Review all previously assigned chapters in preparation for the Final Exam
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Project Part 5
    • Final Risk Management Plan (Projects 1-4)
  • Complete Final Exam
  • Complete Week 8 Lab (Optional)
    • Analyzing the Incident Response Process
  • Complete Course Evaluation

Final Exam
Chapters 1-15
SLOs 1-8

08112021

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.