Experiential Activities for the Instruction of Risk Management
Start Date
12-10-2019 2:25 PM
End Date
12-10-2019 2:50 PM
Location
KSU Center Rm 400
Abstract
A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While teaching the theory of Risk Management can be accomplished through either an asset assessment approach or other less common approach like an attack tree. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This presentation will cover popular risk management methodologies and examine a number of tools to support the application of the more common methodologies that can be used by instructors without substantial cost or learning curve.
Experiential Activities for the Instruction of Risk Management
KSU Center Rm 400
A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While teaching the theory of Risk Management can be accomplished through either an asset assessment approach or other less common approach like an attack tree. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This presentation will cover popular risk management methodologies and examine a number of tools to support the application of the more common methodologies that can be used by instructors without substantial cost or learning curve.
Comments
Note: this is a presentation-only submission. There will be no full paper published in the proceedings.