INFOSEC 690R Information Risk Management





  • When: Sep 5 – Oct 26, 2017. This is a 3-credit, semester-length course that is scheduled at an accelerated pace of 8 weeks. Each week comprises two 2-hour sessions.
  • Where: Students can choose to take the class either 1) in person at the UMass Center in Springfield, MA, or 2) as remote participants. All class sessions will be recorded, and online students can view them later in the day or week. Readings, discussion forums, and other interactive sessions are required of remote participants.
  • Instructor: Mandy Andress
  •  This class can be applied towards the Information Security Certificate or as an outside elective for the CS MS degree.

This course reviews information governance, information technology policy, privacy and security, regulatory compliance and project management as a comprehensive program applicable to any corporate network system. In this course, we will review the most contemporary literature on this topic, which is still developing, and engage students in a case study that will allow them to make connections between the academic literature and actual practice. Project management tailored to information security and privacy will also be a centerpiece of the case study and course content.

Learning objectives of this course include:

  • Defining risk in the context of information management
  • Identifying discrete types of risk and relevant approaches to management
  • Discerning risk appetite related to context
  • Learning specific project management techniques for information technologies and networked systems
  • Applying academic concepts to practice through a group case study process


There are no uniform exams for this course.  Each student should be prepared to engage in Socratic dialogue with the instructor based on readings and the development of course content and to contribute on-going and original thought in class discussion.  Group work will be incorporated into class exercises as well as student-student evaluation as an integral component of course work. 

Students will also identify a research topic in consultation with the instructor. Ongoing consultation with the professor is encouraged throughout the duration of the research. The final product will be a standard term paper and a presentation of the material to the class. These presentations will be made throughout the course and do not have to coincide with the final paper. Students are further encouraged to consider topics early in the course. Presentations will be scheduled within the first couple of weeks of the course, depending on class size and weekly topics.

Grading will be based on all of these components of the course. 


Week One

Class One: Introduction
Course Objectives
Schedule and Syllabus
Overview of Information Risk Management
General Overview of Case Study Process


Class Two:     Basic Risk Concepts
Introduction to FAIR and risk frameworks

Readings:      Freund, Chapters 2-3
                        Hubbard, Failure, Chapters 2-3


Week Two

Class Three:  Understanding FAIR

Readings:      Freund, Chapter 4
                        Hubbard, Failure, Chapter 5


Class Four:    Introduction to Measurement

Readings:      Freund, Chapter 5
                        Hubbard, Failure, Chapter 6
                        Hubbard, How to Measure, Chapters 1-3

Week Three

Class Five:     Introduction to Measurement

Readings:      Hubbard, Failure, Chapter 7
                        Hubbard, How to Measure, Chapters 4-7


Class Six:       Risk Analysis

Readings:      Freund, Chapters 9-10
                        Hubbard, Failure, Chapter 8


Week Four

Class Seven:  Measurement Methods  

Readings:      Hubbard, Failure, Chapter 10
                        Hubbard, How to Measure, Chapters 8-10


Class Eight:   Putting the Concepts Together, Using Frameworks

Readings:      Freund, Chapters 12 and 14
                        Hubbard, Failure, Chapter 12
Mitrano and Cunningham, The Role of Privacy Practices in Information Management, EDUCAUSE,


Week Five  

Class Nine:    Advanced Measurement

Readings:      Hubbard, Failure, Chapter 11
                        Hubbard, How to Measure, Chapters 11-14


Class Ten:      Risk Analysis

Readings:      Freund, Chapters 6-8

Week Six

Class Eleven:            Guest Speaker 

Readings:      Freund, Chapter 11

Class Twelve:            Managing Risk

Readings:      Freund, Chapter 13


Week Seven

Class Thirteen:         Mitigating Risk



Class Fourteen:  TBA

Week Eight

Class Fifteen:           Case Study Wrap Up and Presentations

Class Sixteen:          Case Study Wrap Up and Presentations