DHP D290: Cyber Risk Management
This course provides a survey of different tools and techniques for assessing and addressing online risks in an organization, including threat modeling, security metrics and budgeting, incident response and remediation, legal compliance, and cyber-insurance. Through case studies of real companies and cybersecurity incidents, students will learn how to identify potential cyber threats to an organization, address related supply chain and procurement risks, develop qualitative and quantitative metrics for assessing cybersecurity, establish a policy for responding to law enforcement requests for data, use international security standards and frameworks, negotiate insurance coverage for cyber risks, and incorporate cloud-based services and other third-party IT vendors into a comprehensive cyber risk management plan for a multinational organization. The organizational risks discussed will include data breaches, online financial fraud, industrial espionage, social engineering, denial-of-service attacks, cloud provider outages, and online extortion. The first part of the class will focus on organizational threat modeling and risk assessment techniques, the second part will look at budgeting and metrics for cybersecurity, the third part will explore techniques for cyber risk sharing, and the fourth part will look at incident response and mitigation.