The most effective skill that an IT manager can possess is the ability to take a holistic approach, think critically and creatively, and, thus, mesh disparate elements so that they work together smoothly. Thus, Clark University's Master of Science in Information Technology is designed to prepare professionals to meet this need with confidence. In the M.S.I.T., students learn the strengths and weaknesses of each technology, how all of the technologies interface, and the ability to envision the totality of this new industry.

Evan is a part-time instructor in this program. He has developed a special topics course that focus on issues in information security that help to prepare these future information technology leaders for their part in protecting organizations. The Information Security Risk Management course ran for the first time in the summer of 2008, and another session just completed during the 2009 summer semester.

The next session of this course will be offered in the Spring of 2010 at Clark's Worcster campus. Starting this Spring Evan's class becomes one of the few MSIT courses to be offered to the Graduate School of Management MBA and MSF students as well.

Special Topics Course: MSIT3440 - Information Security Risk Management

Semester: Spring 2010
Schedule: Wednesdays, 6:30pm - 9:30pm
Campus: Worcester, MA
Course Description:
Functional, performance, and economic considerations used to dominate the IT environment, however, security criteria have now emerged as another primary concern for decision makers. It is essential for any IT professional to understand the risk management lifecycle and the various frameworks which have evolved to model proper information security management. This course will explore each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly mitigate and assess risk. Students will learn techniques to perform risk assessments for new IT projects, how to measure security ROI, and how to quantify the current risk level for presentation to executive level management. A common case study will be followed throughout the course to provide a holistic view of how to properly use tools to calculate the costs and benefits of any security investment.

Textbook: T. Peltier, 'Information Security Risk Analysis', Auerbach, 2005.

Course Approach:
Weekly exercises will be assigned to students individually or to be completed in small groups according to the week's topic. The assignments will follow a progression of the typical risk management lifecycle showing students how to complete each step in a real world scenario based on a single case study that will be used throughout the semester. Assignments will be based on an assessment of a fictional government agency and other instructor provided information. The final project will be based on one of three hypothetical scenarios to be assessed using the FRAAP approach.

The midterm exam will consist of several individual exercises to be completed outside of class by students individually based on a fictional government agency case study. Students will receive feedback on individual assignments and should make revisions before turning in the completed midterm deliverable. This deliverable will resemble several sections of a typical risk analysis report.

By the end of the semester, student groups will have completed an entire risk analysis report which is a compilation of the various weekly assignments and midterm exam. This final report will be presented by each group to the class as if they were presenting the results to an executive management group. Students will be graded on the content of the report and the manner in which it is presented.

Course Format:
Every other week, the class period will begin with a short quiz for extra credit based on the assigned reading or last week's lecture material. The answers to the quiz will be reviewed after completion.

Lecture will cover topics related to the reading, but will not just review or summarize the reading. When articles are assigned, the lecture will include class discussions. The topics covered in lecture should help the student apply the reading materials to practical situations and advanced topics. The format will vary based on the week's topic.

When available, guest speakers will come in to present their perspective on a special area related to the week's topic and provide real world examples for students. This also provides a great networking opportunity for students to meet active professionals in the field. When speakers are not available, lecture or hands on activities will be substituted.

Hands on activities or demonstrations will be used to illustrate real world applications of the week's topics. This may involve demonstrations of risk assessment tools, interactive group exercises, or instructor lead hands on exercises to illustrate pertinent concepts. Completion of in class activities and participation in discussions on Cicada ( will comprise the participation portion of your grade in addition to participating in class discussions.

