
T. A. PAI MANAGEMENT INSTITUTE (TAPMI), MANIPAL

IT RISK MANAGEMENT & CYBER SECURITY


Programme: PGDM - BKFS
Batch: 2020-2022
Term: 5
Course Name: IT Risk Management & Cyber Security – BFS 6602
Credits: 2 (20 Hours)
Course Instructor: Prof. Gurudutt Nayak (Core)

PART 1
INTRODUCTION  

In 21st-century business enterprises enabled by Information and Communications Technology (ICT),
Information Technology (IT) risks matter more than ever. IT risk is defined as the business risk
associated with the use, ownership, operation, involvement, influence and adoption of IT within an
enterprise. The absence of IT risk management creates opportunities for risk incidents, which carry a
much higher price tag than they used to. IT risks not only have severe financial implications, but also
damage corporate reputations and dampen competitive advantage. Effective management of IT risks can
help organizations capitalize on opportunities and minimize threats. This course will train students to
become proactive risk managers by understanding both qualitative and quantitative approaches to
risk management. Further, students will also learn how to establish an acceptable level of risk and how
to evaluate and respond to various risks by developing a practical risk response plan. The course
includes a special focus on Cyber Security, given its growing importance.

COURSE OBJECTIVES (CO)


The objectives of the course “IT Risk Management and Cyber Security” are to:
1. Understand the degree of business dependence on information technology
2. Understand and record technology-specific risks
3. Identify, qualify, quantify, prioritize, and manage IT risks
4. Understand and apply different IT Risk Assessment Standards, Models and Methodologies
5. Understand the Cyber Security Risks and Practical ways to address them

COURSE LEARNING OUTCOMES (CLO)
At the end of this course, the students will be able to:

CLO 1: Describe in detail the types of IT risk faced by an enterprise and its implications to the
enterprise’s present and future. (PLG 1)
CLO 2: Identify various types of IT risks faced by an enterprise and apply concepts/techniques to
categorize and prioritize them; develop a clear way of managing the risks identified. (PLG 2)
CLO 3: As an IT leader of an enterprise, demonstrate the ability to take the right decisions at the right
time in order to address the IT risks. (PLG 6)

COURSE CONTENT
• This course will cover the risk management processes required for dealing with four types
  of IT risks, viz. Availability, Access, Accuracy and Agility.
• This course also covers IT risks associated with IT outsourcing and IT-enabled organizational change.
• This course also introduces the following three core disciplines, which the decision makers of
  enterprises must master to manage the aforementioned IT risks effectively:
    o A solid foundation of IT assets, people and supporting processes and controls
    o A well-designed risk governance process
    o A risk-aware culture

PRESCRIBED TEXT BOOK


There is no prescribed text book for the course.

OTHER READINGS AND REFERENCES

a) IT Risk: Turning Business Threats into Competitive Advantage, by George Westerman and
Richard Hunter, published by HBS Press.
b) Information Security and IT Risk Management, by Manish Agarwal, Alex Campoe and Eric Pierce,
Wiley India.
c) CISA Certified Information Systems Auditor Study Guide, 4th Edition, by David L. Cannon, Brian
T. O'Hara and Allen Keele.
d) IT Security, Indian Institute of Banking and Finance.

POLICY ON PLAGIARISM:

Plagiarism percentage score up to 5% in submission of any word based assignment is permitted.


Beyond this percentage, negative marks would be applied as penalty.

ASSESSMENT SCHEME AND WEIGHTAGE:
{a} END-TERM

| Evaluation | Weightage (%) | Duration (Minutes) | Open / Closed Book | CLO Tested |
|---|---|---|---|---|
| End Term Exam | 50 | 120 | Closed Book | CLO 1 & CLO 2 |

{b} OTHER ASSESSMENTS

| Sl No. | Unit of Evaluation | Evaluation type | Weightage | Time | CLO |
|---|---|---|---|---|---|
| 1 | Quizzes | Individual | 10% | anytime | NA |
| 2 | PART 2: Group Project Report Submission | Group | 20% | After Session 19 | NA |
| 3 | Pre-work and Class work Submissions/Presentations | Group | 20% | Ongoing | NA |

SESSION PLAN

Note : Various case-lets & in-class activities will be shared during respective sessions

| Session | Topic | Pedagogy | Reading | Additional Reading & References* |
|---|---|---|---|---|
| 1 & 2 | Introduction to IT Risk Management, Link to ERM and 4A's Framework | Lecture | Pre-read: Developing a Common Language About IT Risks | a |
| 3 & 4 | IT Project Risks – Various types of "IT projects" | Lecture | Article: WHY YOUR IT PROJECT MAY BE RISKIER THAN YOU THINK (F1109A-PDF-ENG) | b |
| 5 | Risks in IT Enabled Business Change programs | Lecture | Pre-read: Emerging Technology: Realizing Business Value and Managing Risk in IT | |
| 6 | IT risks: Cloud, Mobile; Risks across enterprise with IT dependence | Lecture | | |
| 7 | IT Risks in Multi division, multi-country organizations - Infrastructure, People, Decision Rights and Culture | Lecture | | |
| 8 | Legal aspects of IT risk management | Lecture | | |
| 9 & 10 | (a) Business Continuity Planning; (b) DRP | Lecture | | c |
| 11, 12 & 13 | (a) Configuration Management; (b) Change Management; (c) Value Management; (d) Practical aspects of Risk Management: Reporting, Reviews, Artefacts in Risk Management | Lecture | | c |
| 14 | Cyber Security – 1: Basics | Lecture | Coursera course on “Cybersecurity for Business” | b |
| 15 | Cyber Security – 2: Readiness and Incident Management | Case discussion | Coursera course on “Cybersecurity for Business”; Case: Autopsy of a Data Breach – the Target Case | b |
| 16 & 17 | IT Risk Governance Process; CobIT 5 & other frameworks | Lecture | Pre-read: Governing Information Technology Risk; Pre-read: Risk Management Guide for IT System : NIST | d |
| 18 | IT Audits and Reporting | Lecture | | c |
| 19 | GRC and other SW tools for IT risk management. | Lecture | Browse the web for "Governance, Risk and Compliance" and for "IT Service Management" software | |
| | Group Project Report Submission (WT - 20%) | | | |
| 20 | Behavioural and Cultural dimensions in IT Risk management; Building Risk Aware culture; Role of Line Management in Managing IT Risks | Lecture | Pre-read: Are You the Weak Link? | a |

Please refer to ‘Other readings & references’ as per the indicators a, b, c, d & e listed above the plagiarism
policy note.

PLG MAPPING FOR THE COURSE
| PLG# | Program Level Learning Goal | Addressed by Course? (Yes / No) | CLO No. |
|---|---|---|---|
| PLG 1 | Application of Fundamentals. Traits: Demonstrate application of functional / conceptual knowledge to business situations | Yes | CLO 1 |
| PLG 2 | Problem Identification and Solution. Traits: Demonstrate ability to identify a problem, critically assess various alternatives and suggest appropriate solution | Yes | CLO 2 |
| PLG 3 | Integrative Thinking. Traits: Demonstrate ability to identify inter-linkages among functional areas within an enterprise and assess the impact of external environment on its performance | No | NA |
| PLG 4 | Effective Communication. Traits: Demonstrate proficiency in Oral and Written Communication | No | NA |
| PLG 5 | Ethical Responsibility. Traits: Demonstrate awareness and assess impact of ethical behavior on business | No | NA |
| PLG 6 | Leadership. Traits: Demonstrate capability to take leadership role in a business situation | Yes | CLO 3 |

*****
