MBA613: Risk Assessment and Management

Estimated Hours Per Week: 15

Overview

This course provides hands-on experience in assessing and managing risk associated with information systems using OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), a risk assessment methodology developed by the CERT Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) of Carnegie Mellon University. Students will investigate a wide range of related topics including:

  • Building asset-based threat profiles
  • Identifying infrastructure vulnerabilities
  • Conducting risk analysis
  • Developing a protection strategy

Students will complete an OCTAVE evaluation of their own organization’s security posture or that of a fictitious company developed by a peer. The series of OCTAVE evaluation assignments provides hands-on experience in using the OCTAVE method to evaluate the potential risk facing an organization’s information architecture.

Course Learning Objectives

Upon successful completion of this course, students will be able to:

  • Outline the principles, attributes, and outputs that underlie the OCTAVE approach.
  • Describe the three phases and eight processes that constitute the OCTAVE method.
  • Evaluate the vulnerabilities of the key technological components of an organization's infrastructure.
  • Conduct a risk analysis for an organization by identifying threat impact, defining risk criteria, and building asset-based risk profiles.
  • Create a protection strategy, risk mitigation plans, and an action list for presentation to senior management.
  • Customize OCTAVE for a specific organization.

Enrollment

To enroll in this course, please complete the online application.

Required Texts
MBA613 texts are available from the JIU/Follett Bookstore