MGD426-2017

updated 2019 Dec 20
This course was taught by Tim Richardson at University of Toronto, Mississauga Campus Sept 2014- April 2017
Parts of this page have not been updated since 2016.
Several of the "units" are updated regularly because they are taught in other courses by Richardson.

MGD 426
Risk Management for Digital Industries
.
A 4th year course at the University of Toronto at Mississauga -
Monday 5:10 - 7:00pm in the IB Bldg.2nd floor, room 250
For the section(s) taught by Prof. W. Tim G. Richardson

Jan

Feb

Feb / March

March / April

tips specific to earning class participation / contribution marks
noted briefly Jan 2nd
read on your own
-------------------------------
www.schneier.com
he has a great blog
------------------------------
Risks associated with
4Ps and 6Es
4Ps are things you can control
6Es are things you cannot control
did Jan 2nd
------------------------------
Difference between
Regular Crime and
Cyber Crime

http://www.youtube.com/watch?v=3S0KvbX9fHI

41 sec.
did Jan 2nd
- watcn again and make comments through YouTube
-------------------------------
Risk and Threat for I.T.
Intro - fundamentals
for Jan 9th
Vulnerability can exist in many forms
- pancake story
Asymetrical Cyber Security.

http://www.youtube.com/watch?v=l0JbPQBmUP0

Asymmetrical Cyber Security
relationship to Guerilla Warfare
noted briefly Jan 2nd
read on your own

http://www.witiger.com/ecommerce/LAWs-rocket.jpg

noted briefly Jan 2nd
read on your own
-------------------------------

2013, 2014 Keynotes
noted briefly Jan 2nd
will discuss Jan 9

cybersecurity speeches at The Mackenzie Institute
powerpoints
The 2014 version has 12 slides
The 2013 version has 47 slides
noted Jan 2nd in context of threats to infrastructure

-------------------------------
Text Chpt 1
Def'n of Risk
Types of Risk
Risk Description
Risk Classification
Risk Likelihood and Magnitude
-------------------------------
Text Chpt 2
Impact of Risk
Level of Risk
Impact of Hazard Risk
Risk and Reward
-------------------------------
Text Chpt 3
Types of attacks
for Jan 16
Types of Cyber Security Threats - simple intro

student video 2014 Nov.
Basic Terms Intro by Dilprett and Geetha
3 min 49 sec
for Jan 16
.
Types of Risk
did Jan 16
o Hazard Risk
aka Pure Risk
o Control Risk
o Opportunity Risk
aka Speculative Risk

video discussing differences between
Speculative (Opportunity) Risk
and Pure (Hazard) Risk
did Jan 16
--------------------------------
Text Chpt 4
Development of Risk Management
Terms
f
Asset
Threat Agent
Vulnerability
Exposure
Countermeasure

R=TxVxC
Risk=Threat x Vulnerability x Cost
did Jan 16
--------------------------------
Competition
o Who is Competition
(done in CCT224)
(review for MGD426)
f
o Types of competition
(done in CCT224)
noted for MGD426.
------------------------
o Hackers Social Engineering
di
o Hacking and the Trojan
Horse
did Jan 16
o Hacking tools
script kiddies
o ~~Hacking video MSNBC~~
-----------------------------------
SOPs
mentioned Jan 2nd
Standard Operating Procedures
noted Jan 2nd
o Spyware
also discussed difference between Spyware and Malware

o Email filtering
3
o Patches

- Patches video
----------------------------------
student Leenah Hassan
discussing Snowden
trailer
showed
Snowden documentary 2015
YouTube 58 min
noted
what is interesting is not the fact that Snowden discussed information but rather he disclosed how the information was gathered
-------------------------------------
also discussed Sept 23 2016
JTF2, CSOR
Red Teams

went down the class list and had everone report on "progress" on
Assignment 1
--------------------------------
Competitor Intelligence
- Humint
- Teckint
- Osint
- Geoint
- read through completely on your own again
.
Difference between Information and intelligence
did Jan 9
--------------------------------
Arthur Weiss
four stages in monitoring competitors - the four "C"s
you may have missed this in the Competitor Intelligence section, make sure you read it
1. Collecting the info
2. Convert info into intelligence
- Collate and catalogue it,
- Verify authenticity
- Interpret it and Analyse it
3. Communicating the intelligence.
- to decision makers
4. Countering any adverse competitor actions.
--------------------------------
view videos on SOURCES of COMPETITOR INTELLIGENCE
- add comments,
- agree
- disagree
- new suggestions of sources
.

a branded consumer product
make comments
.

http://www.youtube.com/watch?v=HxmPgv23rAM&feature=youtu.be

a branded consumer service
noted ... make comments
.

http://www.youtube.com/watch?v=r_yr4pQpXd8&feature=youtu.be

an industrial product
noted ... make comments
.

http://www.youtube.com/watch?v=Y6IWqk2SAqA&feature=youtu.be

an industrial service
noted .... make comments

o Competitor Intelligence-Asia
noted Jan 9
there are two UTSC videos in the Intelligence-Asia unit, watch these and make comments

Geographic weather extremes
ROB TV interview
----------------------------------
Text Chpt 5
Risk Management
Risk Analysis
did Feb 6
read again on your own

did Feb 6
AWB discussing Risk Analysis
- what are you protecting
- what is the threat
- how much can you spend
-------------------------------
o Scams
updated Feb 21
+ Do Not Call Registry
noted briefly Feb 6
+ 419 / Nigeria scams
+ Facebook scams 2017
f

former TSC student Hasan Shahzad re: scams
f

o DoS Attacks
+ DDoS attacks on DNS
f
-------------------------------
leverage
- int'l finance risks
- export finance risks
EDC PEMD
f

HR risks
Market Risks
- product and consumer risks
Reputational (Branding) Risks
Special Topics
----------------------------------
Financial risk

intro credit card fraud
needs updating

discussed scenario of "account takeover" of Credit Card Fraud
did Jan 23

--------------------------------------
Domain Names
o domain scams
d
o domain phishing
did briefly Jan 9
o domain hacking
did
o domain Verisign issues
did
relates to fake renewal notices.
.
Domain Name Phishing and Spear Phishing explained in a video

2 min 10 sec
did
.

Video 6 hacking

Contingency planning and Risk Analysis
b
o Incident Response Planning
o Disasater Recovery Planning
o Business Continuity Planning

C.C.C.
be Calm Cool and Collected in an emergency - which is because you had a contingency plan
noted .... with emphasis on "why" you have a contingency plan
.

https://www.youtube.com/watch?v=Bb3eCMxxI6Q&feature=youtu.be

video of what WTGR explained in class ....
----------------------------------
4T's of Hazard Risks
Tolerate
Treat
Transfer
Terminate
-----------------------------------
Political Environment
ISO 31000 compliance
n
Political Risk
d
OECD
OECD Principles of corporate governance
d
Financial Risk
- debt /
----------------------------
Text Chpt 7
Risk Management Strategy

Prevention
Detection
Response

1 min. 23 sec
did Feb 13
Differences in prevention, detection and response between crime and cybercrime?
- watch and
make comments
through YouTube
Deterrence
Response
did Feb 13
(Incident response trends)
Schneier
schneier.com/news-185.html
relates to vulnerabilities in cloud computing

Countermeasures
did Feb 13
watch video on Mnemonic passwords

did Feb 13
mnemonics explained at 5:23 of the video
------------------------------------
Text Chpt 9
Benefits to Managing Risk

Insurance Bureau of Canada
ibc.ca/en/Business
_insurance
/risk_management/
---------------------------
o Privacy Issues
began Feb 13 - needs updating
o Privacy Issues-Social Media
did
o Privacy Violations
o Identity Theft
d (explanation of how to do "account takeover" of a credit card)

the ID theft page includes many interesting student videos
o Encryption
did briefly March 6th
o Viruses
did
.

did Feb 13
- class was invited to screen capture this to a video file
WTGR comment (April 2014) on Heartbleed virus and 900 SIN numbers stolen from CRA...on CTV

also
www.ctvnews.ca/mobile
/video?clipId=322864
. . . . . . . . . .
.

o Firewalls
noted Feb 13 - needs updating
o Honey Pots
noted Feb 13 - needs updating
------------------------------------
Text Chpt 24
Stakeholder expectations

Stakeholders defined

- owners
- employees
- customers
and
- government
- suppliers
- neighbours

In class exercise
RED TEAM
Team 1
Team 2
Team A
Team B
done March 6th

Special Guest Speaker
2015, 2016
Ritesh Kotak
Toronto Police
Cyber Crime Unit

Text Chpt 30
Supply Chain Risk
Infrastructure Risk
- physical infrastructure
- technological infra..

Outsourcing
Internal Risk & Threats
noted briefly Jan 2nd
updated Feb 22
existing employees
former employees
3rd party/outsourced employees
noted briefly Jan 2nd

Third Party Risks
Outsourcing Risks

-------------------------
Drones
did Feb 27
strictly speaking UAVs would not be directly associated with risk management for digital companies, but indirectly the technological advances for which UAVs are used, influence many aspects of business

DRONES VIDEO

11 min 31 sec
added March 14
youtube.com/watch?v=JJQrjs-jzlA
made from student comments in class Feb 2017 - add your comments to earn class participation marks
-------------------------
.

a video to help with your report
- discussing how i mark it

How To Do Presentations
(read thoroughly on your own)
included video tips

Guest Speaker
2017 March 13th
from CSEC

Prof. Richardson talking in early March 2011 about class participation marks.

general tips and help
witiger.com/tips.htm
-----------------------

The Institute of Risk Management (UK)

RIMS
Risk and Insurance Society, Inc. (Canada)
rimscanada.ca
-----------------------
What does it mean when you have to analyze something
- watch this video for tips

Presentations 2017

March 20th
1.RBC
(Ahmed, Roldan, Harkness, Smai, Ramnarine, Myky...)

2.Rogers
(Ahmed-Ritchie, Asim, Chahal, Jiang, Khan, Nasser)

3. Freedom Mobile
4.

- - - - - - - - -
March 27th
5. ~~Uber~~ Nokia
(Akhund, Sultan, Hassan, Ezec..., Kisel.., Kosto..,
6.
7.
8.
- - -- - - - - - - - - - - - - - - - -
MGD426 2017 Jan-April
video (self-intro) of the class

youtube.com/watch?v=re0Kh_-Iqyk
uploaded 2017 March 14

2017
Jan 2
Jan 9
Jan 16

Jan 23
~~Jan 30 Assignment 1 due~~
~~Jan 30~~ prof sick..no class
Feb 6 Assignment 1 due
Feb 13
Feb 20 holiday
Feb 21-24 Break Week

Feb 27
Mar 6
Mar 13 Guest speaker
Mar 13 Assignment 2 duenoted Feb 13

Mar 20 presentations
Mar 27 presentations
Mar 31 classes end

Final Group Project
Details
noted Feb 13

GRADING - How the marks are calculated

http://www.youtube.com/watch?v=bcuw9bMYgHY

http://www.youtube.com/watch?v=8tXadb6IsKI

http://www.youtube.com/watch?v=Zh_3o1npTEg

http://www.youtube.com/watch?v=k1w28eG3jyA

http://www.youtube.com/watch?v=xRrPMWWENhM

http://www.youtube.com/watch?v=TI8JxwBvnII

http://www.youtube.com/watch?v=wCxYyI_iWj0

Read The Newspaper
Part 1

Read The Newspaper
Part 2
getting rich on the stock market

Read The Newspaper
Part 3
learn an
Industry Sector

Read The Newspaper
Part 4
Business magazines
are important

Earning
Class
Participation
Marks
- basics

Class
Participation
- how you earn the highest marks

Class
Participation
- how they are calculated
- the numbers


Group Work - what the Report should look like - binding, pages, table of contents		Group Work / Reports Part 2 The importance of using "Mature Language" in your writing		Group Work / Reports Part 3 important considerations		Group Work / Reports Part 4 Coordinating the submission Communication w group members		Group Work / Reports Part 5 The importance of spelling and grammar and how you can help each other added to the MGD415 page March 18th


Group Work Video # 6 - what the Report should look like - binding, pages, table of contents - uploaded 2013 March 8

15 percent assignment 1
15 percent assignment 2
20 Participation / Contribution - which allows for more "impact" to be recognized by student contributions
50 Percent Research Report
- 30 percent written report
- 20 percent presentation to class - sharing teachable points and things you learned that are "useful and interesting" in the context of the overall course topics

Text used in 2013
- not used in 2016
Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management by Paul Hopkin

384 pages, paperback
http://www.amazon.ca/Fundamentals
-Risk-Management-Understanding-
Implementing/dp/0749459425

2nd or 3rd edition is OK
$56 on Amazon for 3rd edition

WTGR has the 2nd edition available on Kindle $42

Sept	Oct	Nov	Nov / Dec
Sept 9 2016 Sept 16 Sept 23	Sept 30 Oct 7 Assignment 1 due Oct 10 Thanksgiving Holiday Oct 11-14 Break Week Oct 21	Oct 21 Oct 28 Nov 4 Assignment 2 due (mentioned Oct 9)	Nov 11 no class Nov 11 is Remembrance Day Nov 18 presentations Nov 25 presentations Dec 2 presentations
Sept 11 2015 Sept 18 Sept 25 powerpoint Oct 2	Oct 2 Oct 9 Oct 16 Assignment 1 due Oct 23	Oct 23 Oct 30 guest speaker RItesh Kotak, TPS Nov 6 Assignment 2 due (mentioned Oct 9)	Nov 13 guest speaker Nov 20 presentations Nov 27 presentations Final Group Project Details 2015
Sept 11 2014 ~~Sept 18~~ prof sick Sept 25 powerpoint Oct 2	Oct 2 Oct 9 Oct 16 Assignment 1 due Oct 23	Oct 23 Oct 30 guest speaker George Platsis Nov 6 guest speaker Nov 6 Assignment 2 due (mentioned Oct 16)	Nov 13 guest speaker Nov 20 presentations Nov 27 presentations Final Group Project Details 2014

G
Texts and books referred to in this course, but not required for purchase

	Bruce Schneier's "Secrets and Lies..Digital Security in a Networked World" ISBN 0-471-25311-1 Schneier is extremely well known as an IT Security professional and author www.schneier.com

witiger.com	CONTACT I MAIN PAGE I NEWS GALLERY I E-BIZ SHORTCUTS I INT'L BIZ SHORTCUTS I MKTG&BUSINESS SHORTCUTS I TEACHING SCHEDULE
	.
	MISTAKES ITEXTS USED I IMAGES I RANK IDISCLAIMER I STUDENT CONTRIBUTORS I FORMER STUDENTS I PUBLICATIONS I TIPS I
	.