ITRM-MB14
BM 2013-15: Term-IV

IT Risk Management


This course gives a broad understanding of what IT security is about and the vital role it plays in organizations. Its objective is to raise awareness of information security among business students and business managers in all areas, not just IT, and to help them raise the profile of information security issues across organizations and in business operations performed between organizations (B2B, B2C, etc.). Students will also learn to understand the risks that arise from security weaknesses in managing business information that is exposed to attack by malicious users. Topics include information security planning, risk analysis, policy development, security in mobile, wireless and enterprise networks, and legal and regulatory issues.

Pre-requisite: Students should have a basic understanding of information systems and basic knowledge of LANs, WANs, intranets and the internet.

Course Content

1. Introduction to Information Security
2. Information Risk Management & Analysis
3. Security planning, management and policy
4. Role Based Access Control Systems
5. Network Security
6. Digital Security
7. Security Law, Investigation and ethical issues
8. Security Audits and Standards - BS7799 and ISO27000
9. Disaster Recovery & Business Continuity Plan
10. Physical Security

Tentative Session Plan
(Columns of the original table: Session, Module, Description, Remarks.)

Session 1 - Introduction
  1. Course outline
  2. Course content
  3. Course structure
  4. Introduction to IT Security

Session 2 - The Need for Security
  1. Why do we need information security?
  2. Business needs?
  Remarks: Case Study

Sessions 3 & 4 - Information Risk Management
  1. Risk and risk identification
  2. Risk management and control
  Remarks: Case Study

Sessions 5 & 6 - Security Planning, Security Management
  1. Security management framework
  2. Security policy, standards and practices

Sessions 7 & 8 - Role Based Access Control Systems
  1. Role based access
  2. Identity management
  3. Single sign-on
  Remarks: Guest Speaker

Session 9 - Network Security
  1. What is network security?
  2. Why do we need network security?
  Remarks: Practical Lab Demonstrations

Sessions 10 & 11 - Digital Security
  1. Digital security (web security)
  2. Digital certification
  3. E-mail security
  Remarks: Case Study

Session 12 - Security Law, Investigation and Ethical Issues
  1. Law and ethics in information security
  2. Relevant US and Indian laws
  3. Organization liabilities
  Remarks: Case Study

Session 13 - Security Audits
  1. Standards
  2. Security audits
  3. Implementing standards
  Remarks: Guest Speaker

Session 14 - Disaster Recovery
  1. What is DR?
  2. DR planning
  3. DR strategy
  4. What is BCP?
  Remarks: Guest Speaker

Session 15 - Physical Security
  1. Introduction to physical security
  2. Strategies

Session 15 - Ethical Hacking
  1. What is ethical hacking?
  2. ECH certifications
  3. Why do organizations need ethical hackers?

Evaluation

To be finalised.

Case Study

Objectives of Case Analysis:

1. Identify the major issues/problem(s)
2. Examine the facts and evaluate the evidence
3. Apply the knowledge, experience and understanding gained in class to analyze the situation, decide on the necessary actions, and consider the feasibility of alternative courses of action
4. Set out the steps for implementation

Each individual is responsible for producing a one-page typed problem statement and answers addressing the above objectives. You are free to discuss the case with your team members, but no duplication is allowed.

References

1. Whitman, M. E. and Mattord, H. J. Principles of Information Security. Cengage Learning.
2. Delfs, H. and Knebl, H. Introduction to Cryptography: Principles and Applications. Springer-Verlag, 2002.
3. Kalvenes, J. and Basu, A. Design of robust business-to-business electronic marketplaces with guaranteed privacy. Management Science, Vol. 52, no. 11, pp. 1721-1736.

Created By: Debasis Mohanty on 03/26/2014 at 08:57 AM