Course Title: Information Systems Risk Management

Part A: Course Overview

Course Title: Information Systems Risk Management

Credit Points: 12

Course Coordinator: Dr. Asha Rao

Course Coordinator Phone: +61 3 9925 1843

Course Coordinator Email:asha@rmit.edu.au

Course Coordinator Location: 8.9.17

Pre-requisite Courses and Assumed Knowledge and Capabilities

INTE1120 Introduction to Information Security and INTE1122 Case Studies in Information Security are pre-requisites for this course. This is a second semester course that builds on the overview presented in the above courses, which included a survey of continuity management issues.

Course Description

This course will provide you with a strategic and in-depth knowledge of the issues involved in the emerging field of Information Systems Risk Management. It explores the relationships between, and differences from, standard risks attached to business, project and information security activities from the perspective of risk-management. Employing the overviews presented in the pre-requisite courses, and the general approaches presented in lectures, you will work in teams to critically assess the different methodologies used by industry for undertaking information security threat and risk assessment, while applying their conclusions to a real-world scenario.

Objectives/Learning Outcomes/Capability Development

The aim of this course is to ensure that you are able to document the risks and threats that are encountered in modern information security applications and to identify the relationship between these risks vis a vis the more commonly occurring risks associated with business and project management. This will be achieved through the examination of a series of case studies drawn from practical information security contexts.

This course will prepare you for a professional career or postgraduate research in the risk management area. You will be able to further develop your ability to communicate both technical and non-technical material in a range of forms (written, oral, electronic, graphic) and to tailor the style and means of communication to different audiences and will have another opportunity to understand how to work effectively within and potentially as a leader of an interdisciplinary team.

On completion of the course, you should be able to:
• Analyse risks in Information Systems;
• Identify risks involved in Information Systems management;
• Communicate effective strategies in dealing with risks in Information Systems management, both in a written form and orally to an audience of their peers.

Specific learning outcomes will include the ability to:
1. Identify information security threats arising in various practical scenarios.
2. Correlate these risks to continuity management issues.
3. Conduct information system risk analyses.
4. Explore possible solutions to these risk scenarios.
5. Evaluate proposed responses to risk scenarios by means of various measures including such matters as cost, complexity of implementation and system user impact.
6. Understand group dynamics and the people-centred nature of Information Security.
7. Understand the difference between commenting on and copying of information.

Overview of Learning Activities

A variety of planned student learning experiences will be used to cater for the learning outcomes envisaged for this course. This includes seminars, group discussions, and laboratory based learning experiences. The seminar format will be used to give an overview of the specified study area and to direct you to foundational, analytical, and evidence-based readings about risk management and its place in Information Security. Facilitated open discussions in the seminar context will draw on the your capacity to solve problems and to think critically and analytically. This approach will enable an interactive flow of knowledge between those students with work experience and those fresh out of an undergraduate degree. This interactive flow of knowledge will be further facilitated by group discussions and role-playing.

Overview of Learning Resources

You will be expected to expand on the subject matter provided as lecture notes in class. This will take the form of accessing various external and internal resources, such as the library and the Internet.
Appropriate references, to be accessed from the library or elsewhere, will be used in this course. The Internet will be the most important source for academic, technical and white papers and you will be required to use this as a learning resource on a regular basis.

Overview of Assessment

Assessable components of this course include demonstrable participation in formal tutorial activities, contribution to the formal written report and participation in the oral presentation to your peers; and a final examination.

Groups will be formed in week 3 and will meet every fortnight in a formal tutorial setting. The course leader will provide feedback and guidance at these sessions. The groups will also be encouraged to meet informally on a weekly basis outside of the classroom environment to better establish group dynamics.

The main group activity will consist of a major assignment making use of role-playing in groups of 4 or more, to apply risk-management principles, along with control measures, to a hypothetical system. To ensure adequate progress in this major assignment, groups will submit progress reports to the course leader who will provide appropriate feedback. You will be assessed on a group presentation and report, as well as participation during presentation of others’ work. You will be expected to understand the plagiarism policy enforced at RMIT.

The final examination will test the your comprehension of the course material and your ability to apply this understanding to real world problems.