CIT 251: Managing Risks in Information Systems
This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Topics include risk management fundamentals, legal and regulatory compliance, performing risk assessments, identifying and protecting assets, and using appropriate frameworks. Areas of instruction also include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis (BIA), business continuity plan (BCP), disaster recovery plan (DRP), and computer incident response team (CIRT) plan will also be discussed. Prerequisite: CIT 150 or permission of the instructor. Three lecture hours per week. Instructional Support Fee applies. Gen. Ed. Competencies Met: Critical Thinking, Information Literacy, and Scientific Reasoning and Discovery. 3 Credits. Fall.
1. Describe components of and approaches to effective risk management and assessments in an organization.
2. Describe mitigation techniques for relevant threats, vulnerabilities, and exploits.
3. Identify compliance laws, standards, best practices, and policies of risk management.
4. Identify assets and activities to protect within an organization.
5. Identify risk mitigation security controls and develop a risk mitigation plan.
6. Perform business continuity planning, including business impact analysis, disaster recovery, and incident response planning.