MSIT 441: IT Risk Management



This overview course introduces and examines the enterprise view of Information Technology Risk Management. Students will consider real-world risk scenarios while reviewing proactive actions and risk mitigation strategies. Students are exposed to various industries, organizational roles, frameworks, risk management terms and the interdependencies involved with this discipline. Topics include strategic risk decisions, policy, asset management, and incident handling. The emphasis is on practical solutions based on real-world situations using current, relevant and newsworthy examples. The Enterprise IT Risk Management knowledge gained is applicable to continuing coursework, plus the current and future professional situations that students will engage in. The MSIT 490 class, Cybersecurity Leadership, is held in the 2nd 5 weeks of this Quarter and is complementary to this class. While this class is not a prerequisite to MSIT 490, students will benefit from attending both classes. The same textbook is used for both courses.

REQUIRED TEXT: “CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers” by Todd Fitzgerald.

COURSE OBJECTIVES: As a result of this course students should have:

  1. Improved understanding of the evolving role of IT Risk Management in the Enterprise.
  2. Considered the frameworks used for implementing and reporting on an Information Risk Program.
  3. Considered Risk Mitigation processes that are preventative.
  4. Reviewed detection and response/recovery processes.
  5. Improved presentation skills.
  6. Referenced industry-specific approaches and material for future consideration, and considered newly enacted regulatory requirements for an enterprise.
  7. Developed the ability to consider specific IT Risk Management techniques based on a given scenario.


Week 1: Corporate Risk Governance/Management.
Week 2: Risk Management Frameworks, IT Project Risk.
Week 3: Innovation and Cybersecurity Risk  (Mid-Term Issued).
Week 4: Incident Response, Business Continuity and DR (Mid-Term Due Beginning of Class).
Week 5: People & Supply Chain Risk, Final Paper and Presentations.

TEACHING METHODS: Classes will be comprised of lectures, interactive classroom, group discussions, a mid-term exam (essay), and a final paper and supporting presentation.

GENERAL INFORMATION ABOUT THE CLASS: Homework will be assigned according to the schedule in section VIII.

  • Required Reading and Homework: Weekly reading from the text and other sources will be provided on CANVAS in advance.
  • Weekly Risk Management Journal. Class participants are expected to record thoughts in a weekly journal regarding Risk Management, and upload this after the last class on April 22, 2023.
  • Mid-Term. The mid-term exam will be a take-home exam consisting of six essay questions. Each student will select four of the six questions to answer, each accounting for 25% of the mid-term exam grade. All deliverables will be sent through CANVAS to the instructor prior to the due date (beginning of 4th Class). Grading is based on ability to apply the concepts taught in class, and overall performance.
  • Final Presentation Preparation. The first deliverable for this assignment is due by the end of class on April 1, 2023, a Risk Scenario description. This non-attributable 1-2 paragraph document will describe a current or recent IT situation with elevated risk that the student has been engaged with or exposed to. Through the course and based on their current knowledge, the student will consider Risk Management and mitigation processes, tools and techniques to reduce risk to an acceptable level. Students may collaborate with one another developing the abstract and considering strategies. As this may be a new discipline for many, classroom time will be provided to discuss the Risk Scenarios and Mitigating Controls.
  • Final Presentation Delivery: Each student will orally and individually deliver an Executive Summary of their Risk Scenario for the Final Presentation. The template and format are a 7-10-minute presentation using a two-page Executive Summary format that both describes the scenario and then suggests Risk Mitigation approaches. Grading will be based on how well the student communicates the scenario (Delivery), the risk to the organization (Content) and demonstrates reasonable understanding of how the risks can be mitigated (Knowledge/Organization). The audience of fellow students (Executive Committee-Audience Engagement/Awareness) will have an opportunity to ask questions at the end of the presentation.

GRADING CRITERIA: Your final grade will be based upon the following:

  • Class Participation (Value added contributions to class discussions): 10%
  • Take Home Mid-Term Exam: 40% 
  • Final Paper and Presentation: 40%
  • Weekly Risk Journal (to be uploaded after the final class): 10%

Faculty Profile

Todd Fitzgerald