SENECA COLLEGE           Business Intelligence Research Analyst Program

B.I.T.   801 RISK AND THREAT ASSESSMENT This course examines risk and threat assessment from human, technological and environmental circumstances. Procedures, policies & techniques and countermeasures to assess risks levels and quantify threats. Focus on the ability of an organization to maintain business intelligence in the face of the growing intensity of global challenges. Topics include hacking, penetration testing, intrusion investigation, countermeasures, biometrics, cryptography, identity theft, DNS attacks, scams and viruses & firewalls. This subject is focused on a non-technical security perspective but some technical explanations will be available for enrichment. .. primary text   secondary text secondary text   reference text reference text Principles of Information Security (2nd Ed. used 2008) (3rd Ed. for 2009) Whitman & Mattord ISBN 0-619-06318-1 Security Policies and Procedures  by Sari Greene ISBN 0-13-186691-5 Electronic Commerce: Security, Risk Management, and Control (2nd Ed. used 2008) by Greenstein   Internet Law in Canada,  3rd Edition by Geist ISBN 1-55322-047-1 Secrets & Lies by Bruce Schneier www.schneier.com also www.counterpane.com using chapters  1,3,4, 7, 8 using chapters  3, 4, 5, 7, 8, 9, 11, 13 using chapters 4,7,8,9,10,11, 12 using chapters  3, 6, 15, 19, 20

As Taught by Prof. Tim Richardson School of Marketing and e-Business, Faculty of Business

handed out copies of Chpt 4 for discussion

discussed Chpt 4 in class, in detail

handed out copies of Chpt 5 for discussion Jan 22

will discuss Chpt 7 copy will be given out in advance (left them w Jim Davidson to give to you)

Mini-Assignment # 2 - in your own words
A - Find a real-life example of a company that encountered a risk situation, describe what the threat was, and discuss, if you can tell, whatthe vulnerability might have been to the threat being realized

B - write this out on a page and bring to class Jan 29th
- it is expected that you will be very energetic in your pursuit of a good example and will take more than one or two sentances to describe this

discussed in length Chpt 19 and 20 - including  oHoney Pots  oPatches  oBiometrics

discussed Chpt 5  in class

CALIFORNIA www.oispp.ca.gov/government/risk/toolkit.asp

discussed Chpt 6 (one page re: GOPST)  in class handed out Chpt 7 for next class March 4th

G.O.P.S.T., re-do in your groups, hand in March 4th  11th

took up the GOPST assignment and discussed the terms
 

discussed Chpt 7 in class

v

handed out the beginning of Chpt 8 for discussion Mar 11 - (that deals with SOPs) handed out copies of Chpt 9 for discussion Mar 11

students told to read Countermeasures: Deterrence and the section from Greene Chpt 8 that deals with  SOPs

make a summary of Chpt 8 / Chpt 9 for discussion Mar 18

handed out copies of pages in Chpt 8 re: firewalls for discussion next class

Mini-Assignment # 5
for March 27th, hand in April 1st
- research and discuss a Canadian example (not on the BIT 801 website) of an Outsourcing Risk or Third Party Risk
Discuss:

• what was the exposure,
• what happened,
• what happened after,
• what would you have recommended

Katie will cover Contingency Planning
George - Cryptography etc.
Catherine - outsourcing
Urvi - privacy violations
Dave - ???

You will be expected to make a 10 minute presentation on the topic expanding on what already exists on the site, as well as adding in any updates or additional information as you see fit
The presentation will be digitally recorded and it it "good", it may be added to the site as a "student contribution"
- you are expected to come on time at 8:00 and contribute meaningfully to each other's presentations by paying attention and asking good questions