PART 1
INTRODUCTION
In 21st-century Information and Communications Technology (ICT) enabled business enterprises,
Information Technology (IT) risks matter more than ever. IT risk is defined as the business risk
associated with the use, ownership, operation, involvement, influence and adoption of IT within an
enterprise. The absence of IT risk management opens the door to risk incidents, which carry a much
higher price tag than they used to. IT risks not only have severe financial implications, but also damage
corporate reputations and dampen competitive advantage. Effective management of IT risks can help
organizations capitalize on opportunities and minimize threats. This course will train students to
become proactive risk managers by understanding both qualitative and quantitative approaches to
risk management. Further, students will also learn how to establish an acceptable level of risk and how to
evaluate and respond to various risks by developing a practical risk response plan. The course includes
a special focus on Cyber Security, given its growing importance.
COURSE LEARNING OUTCOMES (CLO)
At the end of this course, the students will be able to:
CLO 1: Describe in detail the types of IT risk faced by an enterprise and their implications for the
enterprise’s present and future. (PLG 1)
CLO 2: Identify various types of IT risks faced by an enterprise and apply concepts/techniques to
categorize and prioritize them; develop a clear way of managing the risks identified. (PLG 2)
CLO 3: As an IT leader of an enterprise, demonstrate the ability to take the right decisions at the right
time in order to address IT risks. (PLG 6)
COURSE CONTENT
This course covers the risk management processes required to deal with four types
of IT risk, viz. Availability, Access, Accuracy and Agility.
This course also covers IT risks associated with IT outsourcing and IT-enabled organizational change.
This course also introduces the following three core disciplines, which the decision makers of
enterprises must master to manage the aforementioned IT risks effectively.
o A solid foundation of IT assets, people and supporting processes and controls
o A well-designed risk governance process
o A risk-aware culture
a) IT Risk: Turning Business Threats into Competitive Advantage, by George Westerman and
Richard Hunter, published by HBS Press
b) Information Security and IT Risk Management, by Manish Agarwal, Alex Campoe and Eric Pierce,
Wiley India
c) CISA Certified Information Systems Auditor Study Guide, 4th Edition, by David L. Cannon, Brian
T. O'Hara and Allen Keele
d) IT Security, Indian Institute of Banking and Finance
POLICY ON PLAGIARISM:
ASSESSMENT SCHEME AND WEIGHTAGE:
{a} END-TERM
| Sl No. | Unit of Evaluation | Evaluation type | Weightage | Time | CLO |
|---|---|---|---|---|---|
| 1 | Quizzes | Individual | 10% | anytime | NA |
| 2 | PART Group Project Report 2: Submission | Group | 20% | After Session 19 | NA |
| 3 | Pre-work and Class work Submissions/Presentations | Group | 20% | Ongoing | NA |
SESSION PLAN
Note: Various caselets and in-class activities will be shared during the respective sessions.
| Session | Topic | Pedagogy | Reading | Additional Reading & References* |
|---|---|---|---|---|
| 1&2 | Introduction to IT Risk Management, Link to ERM and 4A's Framework | Lecture | Pre-read: Developing a Common Language About IT Risks | a |
| 3&4 | IT Project Risks – Various types of "IT projects" | Lecture | Article: WHY YOUR IT PROJECT MAY BE RISKIER THAN YOU THINK (F1109A-PDF-ENG) | b |

programs

| Session | Topic | Pedagogy | Reading | Additional Reading & References* |
|---|---|---|---|---|
| 15 | Cyber Security - 2 Readiness and Incident Management | Case discussion | Coursera course on “Cybersecurity for Business”; Case: Autopsy of a Data Breach – the Target Case | b |
PLG MAPPING FOR THE COURSE
| PLG# | Program Level Learning Goal | Addressed by Course? (Yes / No) | CLO No. |
|---|---|---|---|
| PLG 1 | Application of Fundamentals. Traits: Demonstrate application of functional / conceptual knowledge to business situations | Yes | CLO 1 |
| PLG 3 | Integrative Thinking. Traits: Demonstrate ability to identify inter-linkages among functional areas within an enterprise and assess the impact of external environment on its performance | No | NA |
| PLG 4 | Effective Communication. Traits: Demonstrate proficiency in Oral and Written Communication | No | NA |
| PLG 5 | Ethical Responsibility. Traits: Demonstrate awareness and assess impact of ethical behavior on business | No | NA |
| PLG 6 | Leadership. Traits: Demonstrate capability to take leadership role in a business situation | Yes | CLO 3 |
*****