SRA 311: Risk Management: Assessment and Mitigation (Section 001)
Spring 2009, Tuesday and Thursday mornings, 11:15am until 12:30pm, in 206 IST
 
SRA 311 Quick Facts

Instructor
William L. McGill, PhD, PE, CRE
Assistant Professor of Security Risk Analysis
307B IST Building, University Park, PA 16802
(814) 867-0270 (office) | wmcgill@ist.psu.edu
professormcgill (Skype)
Ender Netizen (SL) | Ender Netizen (Home)
http://www.professormcgill.com/blog/

Grader
Mr. Ryan Dewar
IST Undergraduate Student
rmd5019@psu.edu

Teaching Intern
Mr. Nicholas Leghorn
IST Undergraduate Student
nbl5006@psu.edu

Office Hours
Office hours are by appointment only, and may happen in person, via Skype, via phone, via chat, or in Second Life.

Prerequisites
Probability & Statistics (STAT 200)
Introduction to SRA (SRA 111)
Terrorism and Crime (SRA 211)
Information Security (SRA 221)
Decision Analysis (SRA 231)

Key Deadlines
1/15/09: CAR #1 Due
1/29/09: CAR #2 Due
2/12/09: Book Review #1 Due
2/26/09: CAR #3 Due
3/19/09: Book Review #2 Due
4/02/09: CAR #4 Due
4/16/09: CAR #5 Due
5/05/09: Final Examination
5/07/09: Final Project Due

Grade Allocation
CAR Assignments: 20 pts
Book Reviews: 20 pts
Homework / Quizzes: 20 pts
Final Examination: 20 pts
Final Project: 20 pts
Attendance: up to 20 pts
Extra Credit: up to +10 pts

Grading Rubric
A: 95, A-: [90,95)
B+: [86.7,90], B: [83.3,86.7), B-: [80,83.3)
C+: [75,80), C: [70,75)
D: [60,70), F: < 60
DESCRIPTION:
Risk Management: Assessment and Mitigation is a junior-level undergraduate course designed to enhance the risk literacy of aspiring security risk and intelligence professionals. To this end, the course covers the basic philosophy of risk analysis to include the definition of risk and “six questions of risk assessment and risk management;” definition of “security context” and approaches for scoping a risk assessment; scenario development (set theory); threat and vulnerability assessment (probability theory); consequence and severity assessment (utility theory); analytic confidence assessment; formulas of risk; data collection and source analysis; structured analytic techniques for sensemaking; risk treatment strategies to include risk acceptance, risk avoidance, risk transfer, and risk mitigation; risk communication and risk perception; and legal and ethical issues in security risk management. The course introduces all of these concepts through critical readings from the security risk analysis literature, in-class group exercises, case studies, and student projects.
 
OBJECTIVES:
Students successfully completing this course can:
1. Describe the role of risk analysis in decision making
2. Articulate the “six questions of risk” and thoroughly describe the terms and notions commonly associated with security risk analysis
3. Explain the different types of ignorance and uncertainty and provide security-oriented examples of each
4. Explain the difference between an open and closed-world and describe the role of the residual hypothesis
5. Explain the fundamentals of set theory, probability theory, possibility vs. potential surprise, and utility theory
6. Explain analytic confidence, its expression and its role in risk analysis
7. Demonstrate the application of a variety of structured analytic techniques in a security context, to include problem restatement, hierarchical holographic modeling, divergent/convergent thinking, pre-mortem and root-cause analysis, analysis matrices, weighted ranking, influence and decision diagrams, and event trees and fault trees.
8. Describe the properties of different types of measurement scales and critically evaluate alternative formulas for calculating risks
9. Discuss several security risk management approaches, including the ASIS Guideline, CORAS, the McCumber Cube Model, OCTAVE, etc.
10. Develop data collection strategies for answering risk questions and apply techniques to appraise the competence and credibility of human sources
11. Describe the four alternative strategies for treating risk
12. Perform a benefit-cost analysis (including life-cycle costs and performance degradation) for real risk mitigation options
13. Discuss the role of risk analysis in auditing and accreditation
14. Discuss the role of risk perception in risk management and communication
15. Discuss legal issues confronting security risk analysts and the role of professional societies in standards setting and credentialing
16. Construct stories about ethical dilemmas facing security risk analysts
17. Recite and apply the Eight Elements of Thought and the Intellectual Standards to critically evaluate articles and essays on the topic of risk analysis
18. Discuss and critically evaluate the main ideas discussed in at least two widely recognized books on risk analysis, and relate these ideas to the security field
19. Design and apply a risk analysis methodology for a real risk analysis problem
 
 
 
ASSIGNMENTS AND GRADING:
Course assignments consist of critical readings of key articles on risk, critical reviews of widely recognized books on risk-related topics, homework and in-class exercises, a final methodology development project, and a comprehensive final exam. Each of these is described below. Letter grades will be assigned according to the rubric shown at the bottom of this page.
 
Critical Article Reviews (20 points): Each student is responsible for submitting five (5) critical article reviews (CARs) on key security risk analysis articles at set times throughout the semester. Each CAR requires the student to provide a background on the authors, address each of the Eight Elements of Thought and Intellectual Standards in relation to the authors’ arguments, and address one or more article-specific questions as defined by the instructor. The final CAR grade is taken as the average of the grades for CAR #4 and CAR #5 multiplied by the fraction of required CARs completed. For example, a student completing CAR #1, CAR #2, (missed CAR #3) and CARs #4 and #5 with grades 26/30 and 28/30 will have a final CAR grade of (27/30)x(4/5) = 21.6/30, or 14.4 points toward the student’s final grade.
 
Critical Book Reviews (20 points): Each student is responsible for submitting a critical book review for each of the two following mass-market publications:
Bernstein, P. L. (1998). Against the Gods: The Remarkable Story of Risk. Wiley (ISBN: 0471295639).
Apgar, D. (2006). Risk Intelligence: Learning to Manage What We Don’t Know. Harvard Business School Press (ISBN: 1591399548).
Each book review is worth 10 points toward the student’s final grade. Students may work in reading or discussion groups to prepare for this assignment, but the submitted assignment must be the student’s own.
 
Homework and Quizzes (20 points): Throughout the semester, students and groups will be assigned homework problems related to topics covered in a previous lecture. On days when homework is not due, quizzes on course topics will be given to gauge student learning and to offer practice for the final exam. Each homework assignment and quiz will be weighted according to difficulty and effort required, and the final H&Q grade will be determined as the weighted average across the seven highest homework grades and 12 highest quiz grades. Homework and quizzes each account for 10 points toward the student’s final course grade.
 
Risk Analysis Project (20 points): Each student will participate in a group risk analysis study that focuses on a real-world security risk analysis problem. The deliverables consist of a 5-10 minute video documentary summarizing the findings of the study OR an online risk assessment tool, AND a standalone poster summarizing the details of the study to include methodology development, implementation, and critical appraisal. Topics for this study will be negotiated before the end of the second week of class.
 
Final Examination (20 points): Each student MUST complete a comprehensive final examination that consists of two parts. The first part has the student doing an in-class Critical Article Review on a short article on a risk-related subject (the article will be provided a week in advance). The second part is a 25-question multiple choice exam spanning all topics covered in the course. Any student that does not take the final will receive a failing grade.
 
Attendance (20 points): All students are required to attend all sessions of SRA 311. Attendance will always be taken in some way or another. Each student is allowed two days off (freebie days) to be used as needed. Each additional absence will take one point off from the student’s final grade for a maximum of 20 points. One bonus point will be awarded for each unused freebie day. For example, if a student misses only one class the entire semester, he will receive one bonus point on top of his final grade. In contrast, a student that missed 7 lectures will lose 5 points from his final grade.
 
Extra Credit (up to 10 points): A variety of extra credit opportunities will be made available to students throughout the semester. To be eligible for extra credit, a student (a) must have completed ALL major assignments (CARs, book reviews, final project, final exam), and (b) complete the assignment as directed. In general, each extra credit assignment is worth 2 or 4 points toward the final course grade. No student can earn more than 10 points toward the final course grade.
 
 
*IMPORTANT NOTE: The SRA major requires that all students with SRA as their declared major achieve a grade of C or better in this course to satisfy the degree requirements. This means you need at least 70 points to pass.
 
 
 
TOPIC AGENDA:
The following is the schedule of topics for the Spring 2009 semester. Due at each lecture is some “vehicle of accountability” or “deliverable,” whether it be an assignment, project, homework assignment or quiz.
NOTE: The above schedule is only preliminary, and may change depending on the needs of the class.
 