CSS 230: Managing Risk in Information Systems

Course Description

This course will focus on the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis, business continuity plan, and disaster recovery plan will also be discussed. (3 credits)

Prerequisites

  • ITE 145: Fundamentals of Information System Security
  • ENG 101: English Composition 1

Student Learning Outcomes (SLOs)

Upon completion of the course, the students will be able to:

  1. Explain the concepts of and needs for risk management.
  2. Identify compliancy laws, standards, best practices, and policies of risk management.
  3. Describe the components of an effective organizational risk management program.
  4. Describe techniques for identifying relevant threats, vulnerabilities, and exploits.
  5. Identify risk mitigation security controls
  6. Describe concepts for implementing risk mitigation throughout an organization.
  7. Perform a business impact analysis for a provided scenario.
  8. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
  9. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.
  10. Create a Computer Incident Response Team (CIRT) plan for an organization in a given scenario.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading

Assignments

Weight

Discussions

10%

Written Assignments

10%

Labs

20%

Quizzes

7%

Projects

33%

Final Exam

20%

Total

100%

Required Textbooks

Available through Charter Oak State College's online bookstore

  • Gibson, Darril. Managing Risk in Information System - with Access Code. 2nd ed. Sudbury, MA: Jones & Bartlett, 2015. ISBN-13: 9781284143478

Additional Resources

  • Links and readings will be provided in the Course Documents and Webliography sections on Blackboard.

Course Schedule

Week

SLOs

Readings and Exercises

Assignments

1

1

Topics: Risk Management Fundamentals, Compliance Laws, Standards, and Best Practices

  • Readings:
    • Chapter 1: Risk Management Fundamentals
    • Chapter 3: Managing Compliance


  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignment
    • PCI DSS and the Seven Domains
    • Application of Risk Management Techniques
  • Complete Week 1 Labs
    • How to Identify Threats & Vulnerabilities in an IT Infrastructure
    • Align Risk, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls

2

4

Topic: Risk Management Planning

  • Readings:
    • Chapter 2: Managing Risk: Threats, Vulnerabilities, and Exploits
    • Chapter 4: Developing a Risk Management Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 2 Lab
    • Define the Scope and Structure for an IT Risk Management Plan

3

 

Topic: Concepts of Risk Assessment

  • Readings:
    • Chapter 5: Defining Risk Assessment Approaches
    • Chapter 6: Performing a Risk Assessment
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 3 Assignment
    • Risk Assessment Approaches
  • Complete Week 3 Lab
    • Perform a Qualitative Risk Assessment for an IT Infrastructure Directory and User Access Controls
  • Complete Quiz 1
  • Submit Project Task 1
    • Risk Management Plan

4

 

Topic: Key Components of Risk Assessment

  • Readings:
    • Chapter 7: Identifying Assets and Activities to be Protected
    • Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits
    • Chapter 9: Identifying and Analyzing Risk Mitigation Security Controls
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 4 Lab
    • Identify Threats and Vulnerabilities in an IT Infrastructure Using Zenmap GUI (Nmap) & Nessus® Reports

5

 

Topic: Strategies for Mitigating Risk

  • Readings:
    • Chapter 10: Planning Risk Mitigation Throughout the Organization
    • Chapter 11: Turning Your Risk Assessment into a Risk Mitigation Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 5 Lab
    • Develop a Risk-Mitigation Plan Outline for an IT Infrastructure
  • Complete Quiz 2
  • Submit Project Task 2
    • Risk Assessment Plan

6

 

Topics: Business Impact Analysis and Continuity Planning

  • Readings:
    • Chapter 12: Mitigating Risk with a Business Impact Analysis
    • Chapter 13: Mitigating Risk with a Business Continuity Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 6 Labs
    • Perform a Business Impact Analysis for a Mock IT Infrastructure
    • Develop an Outline for a Business Continuity Plan for an IT Infrastructure
  • Complete Quiz 3
  • Submit Project Task 3
    • Risk Mitigation Plan

7

8-9

Topics: Disaster Recovery, Incident Response Team, and Plan

  • Readings:
    • Chapter 14: Mitigating Risk with a Disaster Recovery Plan
    • Chapter 15: Mitigating Risk Assessment with a Computer Incident Response Team Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 7 Labs
    • Develop Disaster Recovery Backup Procedures and Recovery Instructions
    • Create a CIRT Response Plan for a Typical IT Infrastructure
  • Complete Quiz 4
  • Submit Project Task 4
    • Business Impact Analysis (BIA)
  • Submit Project Task 5
    • Business Continuity Plan (BCP)

8

1-10

Topics: Course Review and Final Examination

  • Readings:
    • Review preview chapters in preparation for the final exam.
  • Complete Final Exam
  • Submit Project Task 6
    • Disaster Recovery Plan (DRP)
  • Submit Project Task 7
    • Computer Incident Response Team (CIRT) Plan
  • Submit Final Project
    • Risk Management Plan
  • Complete Course Evaluation

Final Exam
Chapters 1-15
SLOs 1-10

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.