Cmgt442 r4 New Syllabus


Course Design Guide CMGT/442 Version 4


Syllabus

College of Information Systems & Technology

CMGT/442 Version 4

Information Systems Risk Management

Copyright © 2010, 2009, 2008, 2006 by University of Phoenix. All rights reserved.

Course Description

This course identifies and defines the types of risks that information systems professionals need to consider during the development and implementation of computer based information systems. This course will survey remedies and prevention techniques available to address the risk areas present. Organizational policies and current regulatory considerations will also be examined relative to development, implementation, and use of computer based information systems.

Policies

Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents:

University policies: You must be logged into the student website to view this document.

Instructor policies: This document is posted in the Course Materials forum.

University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality.

Course Materials

Cooper, D. F., Grey, S., Raymond, G., & Walker, P. (2005). Project risk management guidelines: Managing risk in large projects and complex procurements. Hoboken, NJ: Wiley.

Greenstein, M., & Vasarhelyi, M. (2002). Electronic commerce: Security, risk management, and control (2nd ed.). Boston, MA: McGraw-Hill.

Marchewka, J. T. (2009). Information technology project management: Providing measurable organizational value (3rd ed.). Hoboken, NJ: Wiley.

Tarlow, P. E. (2002). Event risk management and safety. Hoboken, NJ: Wiley.

Article References

Barr, J. G. (2011). Business continuity for Web sites. Faulkner Information Services.

Ledford, J. L. (2011). Business continuity for corporate libraries. Faulkner Information Services.

Keston, G. (2008). Identity management for IT security and administration. Faulkner Information Services.

Vosevich, K. (2011). Risk management software market trends. Faulkner Information Services.

Barr, J. (2009). Federal business continuity plans. Faulkner Information Services.

Ledford, J. L. (2011). Federal Information Security Management Act (FISMA). Faulkner Information Services.


Ainsworth, M. (2009). The business continuity planning process. Faulkner Information Services.

Barr, J. G. (2007). The standard of good practice for information security. Faulkner Information Services.

Drumheller, R. (2011). Conducting an information security gap analysis. Faulkner Information Services.

All electronic materials are available on the student website.

Week One: Enterprise Information Systems Risk Management

Details Due Points

Objectives

1.1 Recognize the importance of Information Systems Risk Management.

1.2 Identify organizational issues and concerns.

1.3 Describe basic organizational security issues and concerns.

Readings

Read Ch. 1, “Overview of Electronic Commerce”, of Electronic Commerce: Security, Risk Management, and Control.

Read Ch. 2, “Electronization of Business”, of Electronic Commerce: Security, Risk Management, and Control.

Read Ch. 1, “Introduction to Project Risk Management”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read Ch. 8, “Communication and Reporting”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read Ch. 9, “Project Processes and Plans”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read the Week One Read Me First.

Review this week’s Electronic Reserve Readings.

Participation (Points: 3)

Participate in class discussion.

Discussion Questions (Points: 2)

Respond to weekly discussion questions.

Learning Team Instructions (Due: Day 7, 2/13; Points: 2)

Create the Learning Team Charter.

McBride Financial Services, one of the Virtual Organizations, is currently opening offices in Boise, Idaho and Sioux Falls, South Dakota. Select one of the locations and prepare a comprehensive risk assessment for McBride’s management team. The risk assessment should identify potential risks that could impact the operation of the business. The written assessment should be 8 to 10 pages in length and will be submitted to the instructor during Week Five. In addition, the Learning Team will prepare a Microsoft® PowerPoint® presentation of the project which will also be submitted to the instructor during Week Five.

In preparing the risk assessment, be sure to consider the following:

The use of toxic chemicals in the vicinity of the business by manufacturing processes, industrial solvents, blue print machines, etc.

Public transportation facilities that might handle the carriage of dangerous or hazardous substances, which could be involved in major accidents

Potential targets of criminal activity

Potential targets of terrorist activity such as government offices, law enforcement agencies, or politically sensitive businesses or services

Week Two: Risk Control Models

Details Due Points

Objectives

1.4 Identify organizational structures and the roles they assume in risk management.

1.5 Examine risk control improvement models.

1.6 Compare and contrast various risk control models.

Readings

Read Ch. 7, “Risks of Insecure Systems”, of Electronic Commerce: Security, Risk Management, and Control.

Read Ch. 8, “Risk Management”, of Electronic Commerce: Security, Risk Management, and Control.

Read Ch. 7, “Monitoring and Review”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read Ch. 12, “Other Approaches to Project Risk Management”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read the Week Two Read Me First.

Review this week’s Electronic Reserve Readings.

Participation (Points: 3)

Participate in class discussion.

Discussion Questions (Points: 2)

Respond to weekly discussion questions.


Learning Team Instructions (Due: Day 7, 2/20; Points: 1)

Begin working on the Learning Team project.

Review McBride Internet and intranet websites for information about the selected location.

Submit the research on the local area and surrounding businesses for potential risks. (1 page)

Individual: Service Request SR-HT-001 (Due: Day 7, 2/20; Points: 15)

Prepare a 3- to 5-page paper describing the considerations necessary to address the possible security requirements and the possible risks associated with the Benefits Elections Systems being requested by the Service Request, SR-HT-001 for Huffman Trucking Company.

Week Three: Risk Assessment

Details Due Points

Objectives

1.7 Identify components of risk assessment.

1.8 Discuss the components of risk assessment.

1.9 Examine how each component plays a role in assessing risk.

Readings

Read Ch. 18, “Introduction to Environmental Risk Management”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read Ch. 24, “Conclusions”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read Ch. 25, “Risk Management Process Checklist”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read the Week Three Read Me First.

Review this week’s Electronic Reserve Readings.

Participation (Points: 3)

Participate in class discussion.

Discussion Questions (Points: 2)

Respond to weekly discussion questions.

Learning Team Instructions (Due: Day 7, 2/27; Points: 1)

Continue working on the Learning Team project.

Submit an outline of the final paper (1-2 pages).

Individual: Security Monitoring (Due: Day 7, 2/27; Points: 15)

Prepare a 3- to 5-page paper describing the security monitoring activities that should be conducted in an organization with both internal IT (payroll, human resources, inventory, general ledger, and so on) and e-commerce (Internet sales and marketing) applications. The paper will include the rationale supporting each monitoring activity you propose and any recommended course of action to be taken when a significant risk is identified.

Week Four: Project Management of Risk

Details Due Points

Objectives

1.10 Recognize how Project Management can aid in risk management.

1.11 Differentiate between process and application risks.

1.12 Relate project control variables to risk management.

Readings

Read Ch. 8, “Managing Project Risk”, of Information Technology Project Management: Providing Measurable Organizational Value.

Read Ch. 3, “Risk Identification”, of Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements.

Read the Week Four Read Me First.

Review this week’s Electronic Reserve Readings.

Participation (Points: 3)

Participate in class discussion.

Discussion Questions (Points: 2)

Respond to weekly discussion questions.

Learning Team Instructions (Due: Day 7, 3/5; Points: 1)

Continue working on the Learning Team project.

Begin working on the Microsoft® PowerPoint® presentation.

Submit a draft copy of the Learning Team references in APA format.

Individual: Outsourcing Risks (Due: Day 7, 3/5; Points: 20)

Prepare a 3- to 5-page paper that identifies the possible risks to an organization in each of the following outsourcing situations: a) the use of an external service provider for your data storage; b) the use of an enterprise service provider for processing information systems applications such as a payroll, human resources, or sales order taking; c) the use of a vendor to support your desktop computers; and d) the use of a vendor to provide network support. The paper will include a risk mitigation strategy for each situation. One mitigation strategy, because of personnel and facility limitations, cannot be proposed in the paper, because it eliminates the outsourcing by bringing the situation in house.

Week Five: Regulatory Considerations for Management


Details Due Points

Objectives

1.13 Comprehend needs for risk planning and management.

1.14 Discuss the effects and implications of federal regulations on business functions, processes, and procedures.

1.15 Apply risk management methodologies in situational cases.

Readings

Read Ch. 5, “The Regulatory Environment”, of Electronic Commerce: Security, Risk Management, and Control.

Read Ch. 6, “EDI, Electronic Commerce and the Internet”, of Electronic Commerce: Security, Risk Management, and Control.

Read Ch. 1, “Risk Management”, of Event Risk Management and Safety.

Read Ch. 2, “Risk Assessment”, of Event Risk Management and Safety.

Read the Week Five Read Me First.

Review this week’s Electronic Reserve Readings.

Participation

No participation in class discussion.

Discussion Questions

No weekly discussion questions.

Individual: Peer Review (Due: Day 7, 3/12; Points: 2)

Prepare the Learning Team Peer Review.

Learning Team: Risk Assessment Project & Presentation (Due: Day 7, 3/12; Points: 18+5)

Finalize and submit the Risk Assessment & Microsoft® PowerPoint® presentation.

Week One Discussion Questions

Based on the Ledford (2011) article, what special issues must be considered for corporate data which are not fully digitized? What are the risks associated with the loss of these data? What recovery procedures do you recommend for these situations?

Based on the Barr (2011) article, what special issues must be addressed for a risk management strategy that supports user-facing, web-based systems? What are the risks associated with disruption of these systems?

Week Two Discussion Questions

Based on the Keston (2008) article, how important is enterprise identity management for reducing risk throughout the enterprise? Explain why a viable risk management strategy must include, at a minimum, a solid enterprise identity management process.

Based on the Barr (2011) article, what software must be considered to provide adequate security management across the enterprise? ***Problem, there is only the Vosevich 2011 article available on the electronic readings, so use it with the same Discussion Question.


Week Three Discussion Questions

Based on the Barr (2009) article, do you think the private sector must employ something similar to the Federal Government’s Continuity of Operations Process (COOP) as an integral part of their enterprise risk management plan? What are the major issues to consider?

Based on the Ledford (2011) article, do you think the Federal Information Security Management Act (FISMA) might provide the basis for a standard framework for enterprise risk management adaptable to the private sector? What are the major issues to consider?

Week Four Discussion Questions

Based on the Ainsworth (2009) article, might an effective risk management plan be considered a process that may restore all systems, businesses, processes, facilities, and people? What are the major issues to consider?

Based on the Barr (2011) article, what changes would you recommend for the Information Security Forum’s 2011 Standard? Which of these changes must be incorporated into the enterprise’s risk management plan?

Week Five Discussion Questions

Based on the Drumheller (2011) article, do you consider conducting an information security gap analysis on a regular basis an essential best practice for ensuring enterprise risk management? What are the major factors to consider when conducting an information security gap analysis?

Copyright

University of Phoenix® is a registered trademark of Apollo Group, Inc. in the United States and/or other countries.

Microsoft®, Windows®, and Windows NT® are registered trademarks of Microsoft Corporation in the United States and/or other countries. All other company and product names are trademarks or registered trademarks of their respective companies. Use of these marks is not intended to imply endorsement, sponsorship, or affiliation.

Edited in accordance with University of Phoenix® editorial standards and practices.