INFOSEC 690R Information Risk Management


  • When: Sep 5 - Oct 26, 2017. This is a 3-credit, semester-length course that is scheduled at an accelerated pace of 8 weeks. Each week consists of two 2-hour sessions.
  • Where: Students can choose to take the class either 1) in person at the UMass Center in Springfield, MA, or 2) as remote participants. All class sessions will be recorded, and online students can view the recordings later in the day or week. Readings, discussion forums, and other interactive sessions are required of remote participants.
  • Instructor: Mandy Andress
  • This class can be applied towards the Information Security Certificate or as an outside elective for the CS MS degree.


This course reviews assessing, measuring, and managing information risk in today's organizations. We will review the most contemporary literature on this topic, which is still developing, and engage students in case studies that will allow them to make connections between the academic literature and actual practice.

Learning objectives of this course include:

  • Defining risk in the context of information management
  • Identifying discrete types of risk and relevant approaches to management
  • Discerning risk appetite related to context
  • Applying academic concepts to practice through case study process


There are no uniform exams for this course. Each student should be prepared to engage in Socratic dialogue with the instructor based on readings and the development of course content, and to contribute ongoing and original thought in class discussion. Group work, as well as student-student evaluation, will be incorporated into class exercises as an integral component of course work.

Students will also identify a research topic in consultation with the instructor. Ongoing consultation with the professor is encouraged throughout the duration of the research. The final product will be a standard term paper and a presentation of the material to the class. These presentations will be made throughout the course and do not have to coincide with the final paper. Students are further encouraged to consider topics early in the course.

Grading will be based on all of these components of the course. 


Week One

Class One:          Introduction
9/5                       Course Objectives
                            Schedule and Syllabus
                            Overview of Information Risk Management
                            General Overview of Case Study Process

Class Two:         Basic Risk Concepts
9/7                      Introduction to FAIR and risk frameworks

Readings:           Freund, Chapters 2-3
                           Hubbard, Failure, Chapters 2-3


Week Two

Class Three:      Understanding FAIR

Readings:          Freund, Chapter 4
                          Hubbard, Failure, Chapters 4-5


Class Four:        Introduction to Measurement

Readings:          Freund, Chapter 5
                          Hubbard, Failure, Chapter 6
                          Hubbard, How to Measure, Chapters 1-2


Week Three

Class Five:       Introduction to Measurement

Readings:        Hubbard, Failure, Chapter 7
                        Hubbard, How to Measure, Chapters 3-4

Class Six:        Risk Analysis

Readings:       Freund, Chapters 9-10
                       Hubbard, Failure, Chapter 8
                       Hubbard, How to Measure, Chapter 5

Week Four

Class Seven:  Measurement Methods 

Readings:      Hubbard, Failure, Chapter 10
                      Hubbard, How to Measure, Chapters 6-7

Class Eight:   Putting the Concepts Together, Using Frameworks

Readings:      Freund, Chapters 12 and 14
                      Hubbard, Failure, Chapter 12

Week Five  

Class Nine:    Advanced Measurement

Readings:      Hubbard, How to Measure, Chapters 8-9


Class Ten:      Risk Analysis

Readings:      Freund, Chapters 6-8
                      Hubbard, How to Measure, Chapters 10-12

Week Six

Class Eleven:   Controls         

Readings:         Freund, Chapter 11

Class Twelve:   Managing Risk

Readings:      Freund, Chapter 13


Week Seven

Class Thirteen:  Mitigating Risk



Class Fourteen:  Building a Risk Management Program

Week Eight

Class Fifteen:     Presentations

Class Sixteen:    Presentations and Wrap Up - PAPERS DUE END OF DAY

General Course Information, Academic Integrity and Disability Services

For information about University of Massachusetts Amherst Student Disability Services, please see:

Also, please review the University of Massachusetts Amherst Academic Honesty Policy and Procedures, to be found starting at this page:

Contact information, office hours and other logistics to be addressed on site at the first class.


Saturday, June 11, 2016 to Thursday, September 1, 2016
Tuesday, September 5, 2017 to Thursday, October 26, 2017
Class meets on: 
Remote participation
Amanda Andress
June, 2017