95-756: Information Security Risk Analysis
Prerequisites: Understanding or experience in information systems management 95-752 Introduction to Information Security Management (recommended)Today's information systems professionals will be called upon to secure the information assets of the organization and protect the organization from cyber threats and vulnerabilities. Managing risk to the organization requires a process that balances business requirements against information security options. This course is based upon the OCTAVE-sm methodology developed at Carnegie Mellon University by CERT within the Software Engineering Institute. (OCTAVE is an acronym for Operationally Critical Threat, Asset, VulnerabilityEvaluation.) Soon to become the standard for information security risk assessment, the OCTAVE-sm methodology provides a framework for an organization to assess its own threat profiles and infrastructure vulnerabilities and to develop a comprehensive security strategy.This course provides the student with a formal process for performing an information security risk assessment in an organization. The course presents an exciting opportunity to learn the skills students will need in actual working environments including workshop skills and critical thinking about security as well as the OCTAVE-sm methodology itself. A case study will be presented on which the students will exercise their newly learned skills in class workshops around a healthcare information system.Distinguished speakers will lecture from the Software Engineering Institute, a Big Five consulting company, an insurance company, a healthcare organization, a national law enforcement agency, and a company developing information security technology. The lectures will combine the formal training developed by SEI/CERT for OCTAVE-sm with additional materials on such topics as threat profiles, infrastructure vulnerabilities, risk management, a
| A3 | MW | 07:30 pm - 08:50 pm | CIC 1201 | Instructor TBA |
| J3 | Location and time to be announced. | |||