CPT 581R: Risk Assessment
Spring 2006, T & TH, 4:30 - 5:45
Instructor: Matt Rose
Email: mrose@cerias.purdue.edu (please
begin Subject line with "CPT581R:")
Course Description:
This course provides in-depth study of information security risk assessment
from multiple perspectives. The course is interdisciplinary
in nature, drawing from technology, policy and law, business process, and human
performance, and it is a mixture of theory and practice. The course relies
on lecture, readings, in-class and online discussion, a practical experience,
and examinations.
Course Goals & Methods of Evaluation:
The primary purpose of this course is to enable students to become proficient
in information security risk assessment. After completion of this course,
students will be able to:
- Goal: Identify and
describe various risk assessment models, their requirements, strengths, and
weaknesses.
Evaluation Methods: Reading assignments & discussion, midterm
and final Examinations.
- Goal: Describe,
use and reflect upon a systematic, repeatable process to conduct
an information security risk assessment and present the results
in written and oral format in a business environment.
Evaluation Methods: Midterm and final examination,
risk assessment practical experience, class exercises and discussion.
- Goal: View information security risk assessment from a
customer relations and expectations point of view.
Evaluation Methods: Risk assessment practical experience,
classroom discussion.
Note on Service Learning:
CPT 581R is a service
learning course. Participants will
spend the first 7 weeks of the class learning through traditional methods,
i.e., lecture and reading. However, for the next 7 weeks of the class,
participants will be assigned to a team that is then assigned to a client to
perform an information security risk assessment. All clients in this
course will be state agencies in Indiana or K12 school corporations in the
west central area of Indiana.
A service learning course intends to provide an education experience:
- Whereby students learn and develop through active participation in thoughtfully
organized service experiences that meet actual community needs, that are
integrated into the students’ academic curriculum or provide structured
time for reflection, and that enhance what is taught in school by extending
student learning beyond the classroom and into the community.
- That increases the civic responsibility and citizenship of students in
the course; this occurs by exposing students to societal inadequacies where
they can use the community service experience as a foundation for learning
1) about oneself, 2) the academic discipline, 3) real world skills and techniques,
and 4) how the discipline, skills and techniques intersect with the social
world around us.
- That joins theory and practice, i.e., students experience
the relevance of the subject to the real world. Students in service
learning courses are empowered to make a difference with the skills they
are learning in an environment where there is a need; furthermore, the learning
experience and student learning outcomes are usually richer when there is
a distinct and known need for the service.
Course WebCT Vista:
This course uses WebCT Vista for out-of-class discussion
and communication as well as for coursework submission. Purdue students enrolled
in this course can access WebCT Vista at: http://www.itap.purdue.edu/tlt/ecourses/index.cfm.
Useful Links:
What is risk assessment? (from SecurityFocus): http://www.securityfocus.com/infocus/1591