Master of Science in Information Security Policy and Management (MSISPM) @ Carnegie Mellon: Course Description

95-756 Information Security Risk Analysis

6 units
Skills: This course assumes a basic grounding in statistics and elementary economics

This course approaches information security as a management problem, where the organization has to to decide on how much to spend on information security and how, and trade off information security risks with other risks.

Students will learn analytical tools for calculating the costs and benefits of investment security decisions, and how to calculate the return on investments, in a hands-on setting. Additional topics covered include a brief introduction to commercially available tools for risk management, an introduction to vulnerability management, risk aversion and insurance.

Learning objectives: Upon completion of this course students will understand:

Basic understanding of information security risks and the need to manage them.
Key economic concepts in uncertainty, decision making, insurance and risk management framework.
How to calculate ROI on a security investment.

This course is typically followed by another six unit course dealing with policy issues in information security.