MSIT 490: Information Security - Risk Management

Quarter Offered

Spring: Saturday, 2:00pm-5:00pm, First 5 weeks; Tina Hauri


This course introduces a practical approach to information security risk management (ISRM). We will discuss risk assessment (RA), threat and vulnerability identification and rating, standards by which to measure levels of security risk, and the prioritization of tactics for reducing information risk. Key topics include assessment and modeling techniques; regulatory, legislative and compliance issues; organizational context; and the creation and presentation of risk reports with recommended treatment plans that meet the needs of the business.

REQUIRED TEXT: Dr. Corey Schou and Steven Hernandez, "Information Assurance Handbook: Effective Computer Security and Risk Management Strategies", 1st Edition.

COURSE GOALS: As an overview course, the goals are to enhance critical thinking skills around the topic of Information Assurance/Risk Management and provide practical tools, materials and constructs that can be used to consider risk within an enterprise. The course also provides the IT professional with an understanding of the day to day tactical functioning of the processes and people that are often dedicated to the risk management function.


Week 1: IAH Part 1 - Information Assurance Basics (Chapters 1-7 plus Appendices)
Week 2: IAH Part 2 - Information Assurance Planning Process (Chapters 8-14)
Week 3: IAH Part 3 - Risk Mitigation Process (Chapters 15-19)
Week 4: IAH Part 4 - Information Assurance Detection and Recovery Processes (Chapters 20-25)
Week 5: IAH Part 5 - Application of Information Assurance to Select Industries (Chapters 26-28)

ASSIGNMENTS/MID-TERM: This course will include lecture, group discussions, and presentations by the students on the final day of class. Homework will include reading, one take-home Mid-Term examination and preparation of a final presentation to be delivered to the class. All deliverables are to be both sent via e-mail and hand delivered as a paper copy in class. Grading is based on individual contribution and performance. Reading assignments are noted in section VII of this Syllabus. The take-home Mid-Term examination will consist of five essay questions, and each student will choose three questions to respond to.

FINAL PRESENTATION: The Risk Scenario Abstract for the Final Presentation, due on April, will describe a current or recent situation that the student has been engaged with and ask that they consider Risk Management processes, tools and techniques to reduce risk to an acceptable level. Students will review their proposed Use Case Final Presentation topic with the Professor during the first two weeks of class. The Risk Scenario Use Case Final Presentation will be delivered orally in 5 to 7 minutes using a single-page Executive Summary format that describes the scenario and then suggests Risk Mitigation approaches. A template will be provided.


  • Participation (Value added contributions to class discussions): 20%
  • Development of Risk Scenario Abstract-Instructor Approved: 10%
  • Take Home Mid-Term Exam: 35% 
  • Presentation of Risk Scenario Case Study: 35%


When a student completes this course, he/she should be able to:

a) Understand information assurance basic concepts
b) Consider frameworks for implementing, working within and reporting into an information assurance program
c) Examine Risk Mitigation processes that are preventative
d) Review detection and response/recovery processes
e) Reference industry specific approaches and material for future consideration
f) Develop knowledge of specific Risk Management techniques based on scenarios chosen by the students.

Faculty Profile

Tina Hauri, Chief Information Security Officer (CISO) at City of Chicago