Course Number:
CSCI 5624
Approved Starting Semester:
Fall 2021
Course Title:
Risk Management
Credit Hours:
3
Course Description (Bulletin Description):
This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis, business continuity plan, and disaster recovery plan will also be discussed.
Prerequisite:
CSCI 5200
Co-requisite:
None
Pre/Co-requisite:
None
Dual-Listed:
CSCI 4624
Course Objectives (Course-level Student Learning Outcomes):
At the completion of the course, the student will be able to:
1. Explain the basic concepts of and need for risk management.
2. Explain methods of mitigating risk by managing threats, vulnerabilities, and exploits.
3. Identify compliancy laws, standards, best practices, and policies of risk management.
4. Describe the components of an effective organizational risk management program.
5. Describe techniques for identifying and analyzing relevant threats, vulnerabilities, and exploits.
6. Describe the process of performing risk assessments.
7. Identify assets and activities to protect within an organization.
8. Identify threats, vulnerabilities, and exploits.
9. Identify risk mitigation security controls.
10. Describe concepts for planning risk mitigation throughout an organization.
11. Describe concepts for implementing a risk mitigation plan.
12. Perform a business impact analysis.
13. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
14. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.
15. Create a computer incident response team (CIRT) plan for an organization.
Topics Covered (In Outline/Calendar):
• Threats and Adversaries
• Vulnerabilities and Risks
• Basic Risk Assessment
• The audit process
• Security Life-Cycle
• Intrusion Detection and Prevention Systems
• Cryptography
• Data Security (in transmission, at rest, in processing)
• Security Models
• Access Control Models (MAC, DAC, RBAC)
• Security Mechanisms (e.g., Identification/Authentication, Audit)
• Definition of "vulnerability"
• Social Engineering Vulnerabilities
• Vulnerability characteristics
• Root causes of vulnerabilities
• Administrative Privileges and Their Effect on Vulnerabilities
• Mitigation strategies
• Tools and Techniques for Identifying Vulnerabilities
Student Learning Outcomes:
Not applicable for this course
Course Coordinator:
Dr. Mir Hasan
Instructor-in-charge:
Dr. Mir Hasan
Previous Professors:
Dr. Mir Hasan
Technologies / Skills:
Assessment of system vulnerability
Textbook(s):
Summer/Spring 2026
Title: Managing Risk Information Systems
Edition: 2nd
Author: Gibson
Publisher: Jones + Bartlett
ISBN: 9781284055955