Risk Analysis and Economics of Security (MIS648)

This course provides a working knowledge of risk analysis and management for enterprise security.   The emphasis is on modeling, analysis and economic evaluation of technology risks.   The students learn about business continuity and disaster recovery planning, security risks, tangible and intangible consequences of security failures, risk mitigation options and economic trade offs. The first part of the course covers the basics of risk identification, assessment, control and mitigation using a system framework. The second part covers application of decision theory and engineering economics to security options based on models that consider risk profile and uncertainty in enterprise security problems.  The learning is reinforced through case reviews and team projects. Prerequisites: TM 605 and TM 500 or equivalent.