
T. A. PAI MANAGEMENT INSTITUTE (TAPMI), MANIPAL

IT RISK MANAGEMENT & CYBER SECURITY


Programme: PGDM
Batch: 2018-2020
Term: 4
Course Name: IT Risk Management & Cyber Security – ITS 6002
Credits: 2 (20 Hours)
Course Instructor: Prof. Gurudutt S Nayak

PART 1
INTRODUCTION

In 21st-century business enterprises enabled by Information and Communications Technology (ICT),
Information Technology (IT) risks matter more than ever. IT risk is defined as the business risk
associated with the use, ownership, operation, involvement, influence and adoption of IT within an
enterprise. The absence of IT risk management creates opportunities for risk incidents, which carry a
much higher price tag than they used to. IT risks not only have severe financial implications but also
damage corporate reputations and dampen competitive advantage. Effective management of IT risks can
help organizations capitalize on opportunities and minimize threats. This course will train students to
become proactive risk managers by understanding both qualitative and quantitative approaches to
risk management. Further, students will learn how to establish an acceptable level of risk and how to
evaluate and respond to various risks by developing a practical risk response plan. The course includes
a special focus on Cyber Security, given its growing importance.

COURSE OBJECTIVES (CO)


The objectives of the course “IT Risk Management and Cyber Security” are to:
1. Understand the degree of business dependence on information technology
2. Understand and record technology-specific risks
3. Identify, qualify, quantify, prioritize, and manage IT risks
4. Understand and apply different IT Risk Assessment Standards, Models and Methodologies
5. Understand the Cyber Security Risks and Practical ways to address them

COURSE LEARNING OUTCOMES (CLO)
At the end of this course, the students will be able to:

CLO1: Describe in detail the types of IT risk faced by an enterprise and its implications to the
enterprise’s present and future (PLG1).
CLO2: Identify various types of IT risks faced by an enterprise and apply concepts/techniques to
categorize and prioritize them; develop a clear way of managing the risks identified (PLG2).

COURSE CONTENT
• This course covers the risk management processes required to deal with four types
  of IT risks, viz. Availability, Access, Accuracy and Agility.
• This course also covers IT risks associated with IT outsourcing and IT-enabled organizational change.
• This course also introduces the following three core disciplines for addressing the aforementioned
  risks, which decision makers of various enterprises must master to manage IT risk effectively:
    o A solid foundation of IT assets, people and supporting processes and controls
    o A well-designed risk governance process
    o A risk-aware culture

PRESCRIBED TEXT BOOK


There is no prescribed text book for the course.

OTHER READINGS AND REFERENCES

a) Information Technology and Risk Management in Enterprise Environments by Jake Kouns and
Daniel Minoli, published by Wiley

b) IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and
Richard Hunter, published by HBS Press

c) Information Security and IT Risk Management by Manish Agarwal, Alex Campoe and Eric Pierce,
published by Wiley India

d) CISA Certified Information Systems Auditor Study Guide, 4th Edition, by David L. Cannon, Brian
T. O'Hara and Allen Keele

e) IT Security, Indian Institute of Banking and Finance

POLICY ON PLAGIARISM:
Plagiarism percentage score up to 5% in submission of any word based assignment is permitted.
Beyond this percentage, negative marks would be applied as penalty.

ASSESSMENT SCHEME AND WEIGHTAGE:


{a} MID-TERM & END-TERM

Evaluation | Weightage (%) | Duration (Minutes) | Open / Close Book | CLO Tested
--- | --- | --- | --- | ---
Mid Term Exam | 20 | 90 | Close Book | CLO 1
End Term Exam | 40 | 120 | Close Book | CLO 2

{b} OTHER ASSESSMENTS

Sl No. | Evaluation type | Unit of Evaluation | Weightage | Time | CLO
--- | --- | --- | --- | --- | ---
1 | Quizzes | Individual | 10% | Anytime | NA
2 | Pre-work and Class work Submissions/Presentations | Group | 20% | Ongoing | NA
3 | Class Participation | Individual | 10% | Ongoing | NA

PART 2: SESSION PLAN

Note: The caselets listed under the column titled "Reading" will be sent/uploaded a few
days ahead of the respective sessions.

Session | Topic | Pedagogy | Reading | Additional Reading & References*
--- | --- | --- | --- | ---
1 | Introduction to IT Risk Management, And 4A's Framework | Lecture | Developing a Common Language About IT Risks | b
2 | IT Project Risks | Lecture | Why your IT project may be riskier than you think. | c
3 | Risks across enterprise with IT dependence | Lecture | IT risks: Cloud, Mobile Emerging Technology: Realizing Business Value and Managing Risk in IT |
4 | IT Risks in Partner systems, IT Risks in outsourcing, Legal aspects of IT Risk management, Business community planning and DRP | Lecture | |
5 | Cyber Security - Basics | Lecture | | c
6 | Cyber Security – Applying and Assessing | Lecture | | c
7 | Cyber Security – Readiness and Incident Management | Case | Autopsy of a data breach – The Target Case | c
8 | Information security Risk management standards | Lecture, Student Presentations | |
9 | Information security risk management methods and tools | Lecture and Student presentations | Governing Information Technology Risk; Pre-read: Risk Management Guide for IT System: NIST |
10 | IT Audits and Reporting | Lecture | | d
11 | GRC and other SW tools for IT risk management | Lecture | Browse the web for "Governance, Risk and Compliance" and for "IT Service Management" software |
12 | Strategic Risks in IT: CIO Challenges and Role of Top management | Lecture | | b
13 | Behavioural and Cultural dimensions in IT Risk management | Lecture | Pre-read: Are You the Weak Link? | b
14 | Recap of course and wrap up | Lecture | |

* Please refer to ‘Other readings & references’ as per the indicators a, b, c, d & e listed above the plagiarism
policy note.

PLG MAPPING FOR THE COURSE
PLG# | Program Level Learning Goal | Addressed by Course? (Yes / No) | CLO No.
--- | --- | --- | ---
PLG1 | Application of Fundamentals. Traits: Demonstrate application of functional / conceptual knowledge to business situations | Yes | CLO 1
PLG2 | Problem Identification and Solution. Traits: Demonstrate ability to identify a problem, critically assess various alternatives and suggest appropriate solution | Yes | CLO 2
PLG3 | Integrative Thinking. Traits: Demonstrate ability to identify inter-linkages among functional areas within an enterprise and assess the impact of external environment on its performance | No | NA
PLG4 | Effective Communication. Traits: Demonstrate proficiency in Oral and Written Communication | No | NA
PLG5 | Ethical Responsibility. Traits: Demonstrate awareness and assess impact of ethical behavior on business | No | NA
PLG6 | Leadership. Traits: Demonstrate capability to take leadership role in a business situation | No | NA

**************
