
CSS 230: Managing Risk in Information Systems

Course Description

This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis, business continuity plan, and disaster recovery plan will also be discussed.

Prerequisites

  • ITE 145: Fundamentals of Information System Security
  • ENG 101: English Composition 1

Student Learning Outcomes (SLOs)

Upon completion of the course, the students will be able to:

  1. Explain the concepts of and needs for risk management.
  2. Identify compliance laws, standards, best practices, and policies of risk management.
  3. Describe the components of an effective organizational risk management program.
  4. Describe techniques for identifying relevant threats, vulnerabilities, and exploits.
  5. Identify risk mitigation security controls.
  6. Describe concepts for implementing risk mitigation throughout an organization.
  7. Perform a business impact analysis for a provided scenario.
  8. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
  9. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.
  10. Create a Computer Incident Response Team (CIRT) plan for an organization in a given scenario.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading

Assignment(s)          Weight
Discussions            10%
Written Assignments    10%
Labs                   20%
Quizzes                7%
Projects               33%
Final Exam             20%
Total                  100%

Required Textbooks

(Available through our online bookstore)

  • Gibson, Darril. Managing Risk in Information Systems - Print Bundle for LMS Integrations. 2nd ed. Sudbury, MA: Jones & Bartlett, 2015. ISBN-13: 9781284116984

Note: This is a Print Bundle which includes the textbook and the Access Code required for this course. Students must purchase these materials “New” from the Charter Oak State College bookstore. Used materials or materials from any other source are not acceptable.

Additional Resources

  • Links and readings will be provided in the Course Documents and Webliography sections on Blackboard.

Course Schedule

Each week below lists the SLOs addressed, the readings and exercises, and the assignments due.
Week 1 (SLO 1)

Topics: Risk Management Fundamentals; Compliance Laws, Standards, and Best Practices

  • Readings:
    • Chapter 1: Risk Management Fundamentals
    • Chapter 3: Managing Compliance
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignment
    • PCI DSS and the Seven Domains
    • Application of Risk Management Techniques
  • Complete Week 1 Labs
    • How to Identify Threats & Vulnerabilities in an IT Infrastructure
    • Align Risk, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls

Week 2 (SLO 4)

Topic: Risk Management Planning

  • Readings:
    • Chapter 2: Managing Risk: Threats, Vulnerabilities, and Exploits
    • Chapter 4: Developing a Risk Management Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 2 Lab
    • Define the Scope and Structure for an IT Risk Management Plan
  • Submit Project Part 1 Task 1
    • Risk Management Plan

Week 3

Topic: Concepts of Risk Assessment

  • Readings:
    • Chapter 5: Defining Risk Assessment Approaches
    • Chapter 6: Performing a Risk Assessment
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 3 Assignment
    • Risk Assessment Approaches
  • Complete Week 3 Lab
    • Perform a Qualitative Risk Assessment for an IT Infrastructure Directory and User Access Controls
  • Complete Quiz 1

Week 4

Topic: Key Components of Risk Assessment

  • Readings:
    • Chapter 7: Identifying Assets and Activities to be Protected
    • Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits
    • Chapter 9: Identifying and Analyzing Risk Mitigation Security Controls
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 4 Lab
    • Identify Threats and Vulnerabilities in an IT Infrastructure Using Zenmap GUI (Nmap) & Nessus® Reports
  • Submit Project Part 1 Task 2
    • Risk Assessment Plan

Week 5

Topic: Strategies for Mitigating Risk

  • Readings:
    • Chapter 10: Planning Risk Mitigation Throughout the Organization
    • Chapter 11: Turning Your Risk Assessment into a Risk Mitigation Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 5 Lab
    • Develop a Risk-Mitigation Plan Outline for an IT Infrastructure
  • Submit Project Part 1 Task 3
    • Risk Mitigation Plan
  • Complete Quiz 2

Week 6

Topics: Business Impact Analysis and Continuity Planning

  • Readings:
    • Chapter 12: Mitigating Risk with a Business Impact Analysis
    • Chapter 13: Mitigating Risk with a Business Continuity Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 6 Labs
    • Perform a Business Impact Analysis for a Mock IT Infrastructure
    • Develop an Outline for a Business Continuity Plan for an IT Infrastructure
  • Complete Quiz 3
  • Submit Project Part 2 Task 1
    • Business Impact Analysis (BIA)
  • Submit Project Part 2 Task 2
    • Business Continuity Plan (BCP)

Week 7 (SLOs 8-9)

Topics: Disaster Recovery Plan and Computer Incident Response Team Plan

  • Readings:
    • Chapter 14: Mitigating Risk with a Disaster Recovery Plan
    • Chapter 15: Mitigating Risk with a Computer Incident Response Team Plan
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Complete Week 7 Labs
    • Develop Disaster Recovery Backup Procedures and Recovery Instructions
    • Create a CIRT Response Plan for a Typical IT Infrastructure
  • Complete Quiz 4
  • Submit Project Part 2 Task 3
    • Disaster Recovery Plan (DRP)
  • Submit Project Part 2 Task 4
    • Computer Incident Response Team (CIRT)

Week 8 (SLOs 1-10)

Topics: Course Review and Final Examination

  • Readings:
    • Review the previous chapters in preparation for the final exam.
  • Submit Final Project
    • Risk Management Plan
  • Complete Final Exam
  • Complete Course Evaluation

Final Exam: Chapters 1-15; SLOs 1-10

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies and the “Course Policies” link for specific policies related to this course. See COSC Resources for information regarding available COSC academic support services and resources.