updated 2017 Feb 22
MGD 426
Risk Management for Digital Industries
A 4th year course at the University of Toronto at Mississauga -
Monday 5:10 - 7:00pm in the IB Bldg. 2nd floor, room 250
For the section(s) taught by Prof. W. Tim G. Richardson
Jan Feb Feb / March March / April
tips specific to earning class participation / contribution marks
noted briefly Jan 2nd
read on your own
-------------------------------
www.schneier.com
he has a great blog
------------------------------
Risks associated with
4Ps and 6Es
4Ps are things you can control
6Es are things you cannot control
did Jan 2nd
------------------------------
Difference between 
Regular Crime and 
Cyber Crime
http://www.youtube.com/watch?v=3S0KvbX9fHI
41 sec.
did Jan 2nd
- watch again and make comments through YouTube
-------------------------------
Risk and Threat for I.T.
Intro - fundamentals
for Jan 9th
Vulnerability can exist in many forms
- pancake story
Asymmetrical Cyber Security
http://www.youtube.com/watch?v=l0JbPQBmUP0
Asymmetrical Cyber Security
relationship to Guerilla Warfare
noted briefly Jan 2nd
read on your own
http://www.witiger.com/ecommerce/LAWs-rocket.jpg
noted briefly Jan 2nd
read on your own
-------------------------------
 
2013, 2014 Keynotes
noted briefly Jan 2nd
will discuss Jan 9
cybersecurity speeches at The Mackenzie Institute
powerpoints
The 2014 version has 12 slides
The 2013 version has 47 slides
noted Jan 2nd in context of threats to infrastructure

-------------------------------
Text Chpt 1
Def'n of Risk 
Types of Risk
Risk Description
Risk Classification
Risk Likelihood and Magnitude
-------------------------------
Text Chpt 2
Impact of Risk 
Level of Risk
Impact of Hazard Risk
Risk and Reward
-------------------------------
Text Chpt 3
Types of attacks
for Jan 16
Types of Cyber Security Threats - simple intro
cyber threats simply explained by two students
student video 2014 Nov.
Basic Terms Intro by Dilprett and Geetha
3 min 49 sec
for Jan 16
Types of Risk
did Jan 16
 o Hazard Risk
aka Pure Risk
 o Control Risk 
 o Opportunity Risk
aka Speculative Risk
http://www.youtube.com/watch?v=xEDH5cdB6tw
video discussing differences between 
Speculative (Opportunity) Risk 
and Pure (Hazard) Risk
did Jan 16
--------------------------------
Text Chpt 4
Development of Risk Management
Terms
Asset
Threat Agent
Vulnerability
Exposure
Countermeasure

R=TxVxC
Risk=Threat x Vulnerability x Cost
did Jan 16
--------------------------------
Competition
o Who is Competition
(done in CCT224)
(review for MGD426)
o Types of competition
(done in CCT224)
noted for MGD426.
------------------------ 
o Hackers
o Social Engineering
di
o Hacking and the Trojan
   Horse
did Jan 16
o Hacking tools
script kiddies
o Hacking video MSNBC
-----------------------------------
SOPs
mentioned Jan 2nd
Standard Operating Procedures
noted Jan 2nd
o Spyware
also discussed difference between Spyware and Malware

o Email filtering
o Patches

- Patches video
----------------------------------
student Leenah Hassan
discussing Snowden
trailer
showed 
Snowden documentary 2015
YouTube 58 min
noted 
what is interesting is not the fact that Snowden discussed information but rather he disclosed how the information was gathered
-------------------------------------
also discussed Sept 23 2016
JTF2, CSOR
Red Teams

went down the class list and had everyone report on "progress" on
Assignment 1
--------------------------------
Competitor Intelligence
- Humint
- Techint
- Osint
- Geoint
- read through completely on your own again
Difference between Information and intelligence
did Jan 9
--------------------------------
Arthur Weiss
four stages in monitoring competitors - the four "C"s
you may have missed this in the Competitor Intelligence section, make sure you read it
1. Collecting the info
2. Convert info into intelligence 
- Collate and catalogue it, 
- Verify authenticity 
- Interpret it and Analyse it 
3. Communicating the intelligence. 
- to decision makers 
4. Countering any adverse competitor actions. 
--------------------------------
view videos on SOURCES of COMPETITOR INTELLIGENCE
- add comments, 
- agree
- disagree
- new suggestions of sources

a branded consumer product
make comments
http://www.youtube.com/watch?v=HxmPgv23rAM&feature=youtu.be
a branded consumer service
noted ... make comments
http://www.youtube.com/watch?v=r_yr4pQpXd8&feature=youtu.be
an industrial product
noted ... make comments
http://www.youtube.com/watch?v=Y6IWqk2SAqA&feature=youtu.be
an industrial service
noted .... make comments

o Competitor Intelligence-Asia
noted Jan 9
there are two UTSC videos in the Intelligence-Asia unit, watch these and make comments

Geographic weather extremes
ROB TV interview
----------------------------------
Text Chpt 5
Risk Management 
Risk Analysis
did Feb 6
read again on your own
http://www.youtube.com/watch?v=_QPamr31ZCU
did Feb 6
AWB discussing Risk Analysis
- what are you protecting
- what is the threat
- how much can you spend
-------------------------------
o Scams
updated Feb 21
+ Do Not Call Registry
noted briefly Feb 6
+ 419 / Nigeria scams
+ Facebook scams 2017
https://www.youtube.com/watch?v=Ia5LN0rBgrI
former TSC student Hasan Shahzad re: scams

o DoS Attacks
+ DDoS attacks on DNS
-------------------------------
leverage
- int'l finance risks
- export finance risks
EDC PEMD

HR risks
Market Risks
- product and consumer risks
Reputational (Branding) Risks
Special Topics
----------------------------------
Financial risk

intro credit card fraud
needs updating

discussed scenario of "account takeover" of Credit Card Fraud
did Jan 23

--------------------------------------
Domain Names 
o domain scams
d
o domain phishing
did briefly Jan 9
o domain hacking
did
o domain Verisign issues
did 
relates to fake renewal notices

Domain Name Phishing and Spear Phishing explained in a video
http://www.youtube.com/watch?v=Wpx5IMduWX4
2 min 10 sec
did 

http://www.witiger.com/ecommerce/domainnamesregister.htm

Video 6 hacking

Contingency planning and Risk Analysis
 o Incident Response Planning
 o Disaster Recovery Planning
 o Business Continuity Planning
------------------------------------
C.C.C.
be Calm Cool and Collected in an emergency - which is because you had a contingency plan
noted .... with emphasis on "why" you have a contingency plan
https://www.youtube.com/watch?v=Bb3eCMxxI6Q&feature=youtu.be
video of what WTGR explained in class ....
 

4T's of Hazard Risks
Tolerate
Treat
Transfer
Terminate
-----------------------------------
Political Environment
ISO 31000 compliance
n
Political Risk
d
OECD
OECD Principles of corporate governance
d
Financial Risk
- debt /
----------------------------
Text Chpt 7
Risk Management Strategy

Prevention
Detection
Response
http://www.youtube.com/watch?v=FL3JazaPvOE
1 min. 23 sec
did Feb 13
Differences in prevention, detection and response between crime and cybercrime?
- watch and 
make comments 
through YouTube
Deterrence
Response
did Feb 13
(Incident response trends)
Schneier 
 schneier.com/news-185.html
relates to vulnerabilities in cloud computing

Countermeasures
did Feb 13
watch video on Mnemonic passwords
http://www.youtube.com/watch?v=3rkY5M6Wzdw
did Feb 13
mnemonics explained at 5:23 of the video
------------------------------------
Text Chpt 9
Benefits to Managing Risk

Insurance Bureau of Canada
ibc.ca/en/Business_insurance/risk_management/
---------------------------
o Privacy Issues
began Feb 13 - needs updating
o Privacy Issues-Social Media
did
o Privacy Violations
o Identity Theft
d (explanation of how to do "account takeover" of a credit card)

the ID theft page includes many interesting student videos
o Encryption
did 
o Viruses
did 
http://www.ctvnews.ca/video?clipId=325554
did Feb 13
- class was invited to screen capture this to a video file
WTGR comment (April 2014) on Heartbleed virus and 900 SIN numbers stolen from CRA...on CTV

also
www.ctvnews.ca/mobile/video?clipId=322864

o Firewalls
noted Feb 13 - needs updating
o Honey Pots
noted Feb 13 - needs updating
------------------------------------
Text Chpt 24
Stakeholder expectations

Stakeholders defined
http://www.youtube.com/watch?v=nBA1ud6QtyE
- owners
- employees
- customers
and
- government
- suppliers
- neighbours
 
 
Special Guest Speaker 
Oct 30th
Ritesh Kotak
Toronto Police
Cyber Crime Unit
Attendance strongly recommended

Text Chpt 30
Supply Chain Risk
Infrastructure Risk
- physical infrastructure
- technological infra..

Outsourcing
Internal Risk & Threats
noted briefly Jan 2nd
updated Feb 22
existing employees
former employees
3rd party/outsourced employees
noted briefly Jan 2nd

Third Party Risks
Outsourcing Risks

-------------------------
Drones
did briefly Oct 28
Strictly speaking, UAVs would not be directly associated with risk management for digital companies, but indirectly the technological advances for which UAVs are used influence many aspects of business.
-------------------------
http://www.youtube.com/watch?v=u2jr24LdYT0
a video to help with your report
- discussing how I mark it

How To Do Presentations
(read thoroughly on your own)
included video tips
 
Presentation
Group
List
Dates
and times

 

Prof. Richardson talking in early March 2011 about class participation marks.
http://www.youtube.com/watch?v=TI8JxwBvnII

general tips and help
 witiger.com/tips.htm
----------------------- 
http://www.theirm.org/
The Institute of Risk Management (UK)

http://rimscanada.ca/
RIMS
Risk and Insurance Society, Inc. (Canada)
rimscanada.ca
----------------------- 
What does it mean when you have to analyze something
- watch this video for tips
http://www.youtube.com/watch?v=VLjsOgVaA3Y
 
 
Special Guest Speaker 
Oct 30th 2014
George Platsis
platsis.com
and
Platsis bio

Platsis PPT presentation


 

2017
Jan 2
Jan 9
Jan 16
Jan 23
Jan 30 Assignment 1 due
Jan 30 prof sick..no class
Feb 6  Assignment 1 due
Feb 13
Feb 20 holiday
Feb 21-24 Break Week
Feb 27
Mar 6
Mar 13 Guest speaker
Mar 13 Assignment 2 due
noted Feb 13
Mar 20 presentations
Mar 27 presentations
Mar 31 classes end

Final Group Project 
Details
noted Feb 13

GRADING - How the marks are calculated
http://www.youtube.com/watch?v=bcuw9bMYgHY
http://www.youtube.com/watch?v=8tXadb6IsKI
http://www.youtube.com/watch?v=Zh_3o1npTEg
http://www.youtube.com/watch?v=k1w28eG3jyA
http://www.youtube.com/watch?v=xRrPMWWENhM
http://www.youtube.com/watch?v=TI8JxwBvnII
http://www.youtube.com/watch?v=wCxYyI_iWj0
Read The Newspaper Part 1
Read The Newspaper Part 2 - getting rich on the stock market
Read The Newspaper Part 3 - learn an Industry Sector
Read The Newspaper Part 4 - Business magazines are important
Earning Class Participation Marks - basics
Class Participation - how you earn the highest marks
Class Participation - how they are calculated - the numbers
http://www.youtube.com/watch?v=LxguksrUZfk
http://www.youtube.com/watch?v=B7e9WSnC0Tk
http://www.youtube.com/watch?v=ybZbld2gyLI
http://www.youtube.com/watch?v=bsPyhq52IwU
http://www.youtube.com/watch?v=FiLByz-IaAE&feature=youtu.be
Group Work
- what the Report should look like
- binding, pages, table of contents
Group Work / Reports Part 2 - The importance of using "Mature Language" in your writing
Group Work / Reports Part 3 - important considerations
Group Work / Reports Part 4 - Coordinating the submission, Communication w group members
Group Work / Reports Part 5 - The importance of spelling and grammar and how you can help each other
added to the MGD415 page March 18th
http://www.youtube.com/watch?v=ApLKbIvYQTo&feature=youtu.be
Group Work Video # 6
- what the Report should look like
- binding, pages, table of contents - uploaded 2013 March 8

15 percent assignment 1
15 percent assignment 2
20 Participation / Contribution - which allows for more "impact" to be recognized by student contributions
50 Percent Research Report
   - 30 percent written report
   - 20 percent presentation to class - sharing teachable points and things you learned that are "useful and interesting" in the context of the overall course topics



 
Text used in 2013
- not used in 2016
Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management by Paul Hopkin
 384 pages, paperback
 http://www.amazon.ca/Fundamentals-Risk-Management-Understanding-Implementing/dp/0749459425

2nd or 3rd edition is OK
$56 on Amazon for 3rd edition

WTGR has the 2nd edition available on Kindle $42

Sept Oct Nov Nov / Dec
Sept 9  2016
Sept 16
Sept 23
Sept 30
Oct 7  Assignment 1 due
Oct 10 Thanksgiving Holiday
Oct 11-14 Break Week
Oct 21
Oct 21
Oct 28 
Nov 4 Assignment 2 due
(mentioned Oct 9)
Nov 11 no class
Nov 11 is Remembrance Day

Nov 18 presentations
Nov 25 presentations
Dec 2 presentations

Sept 11  2015 
Sept 18 
Sept 25 powerpoint 
Oct 2
Oct 2 
Oct 9 
Oct 16 Assignment 1 due 
Oct 23 
Oct 23 
Oct 30 guest speaker 
Ritesh Kotak, TPS
Nov 6 Assignment 2 due 
(mentioned Oct 9)
Nov 13 guest speaker 
Nov 20 presentations 
Nov 27 presentations
Final Group Project 
Details 2015
Sept 11  2014
Sept 18 prof sick
Sept 25 powerpoint
Oct 2
Oct 2
Oct 9
Oct 16 Assignment 1 due
Oct 23
Oct 23
Oct 30 guest speaker George Platsis
Nov 6 guest speaker
Nov 6 Assignment 2 due
(mentioned Oct 16)
Nov 13 guest speaker
Nov 20 presentations
Nov 27 presentations

Final Group Project 
Details 2014

Texts and books referred to in this course, but not required for purchase
Bruce Schneier's
"Secrets and Lies..Digital Security in a Networked World"
ISBN 0-471-25311-1
Schneier is extremely well known as an IT Security professional and author
 www.schneier.com

 