INFO 4416 Systems Risk Analysis 1-3 Credit

Course Designator: INFO 4416
Course Title: Systems Risk Analysis
Course Length: Fifteen contact hours, five three-hour sessions plus research time. Total duration 15 weeks.
Course Description: Develops techniques to characterize, and provide perspective on, the likelihood of adverse events. Explains methods to characterize the consequences and general costs associated with the various adverse events occurring. Lastly, the analysis provides insight into various likelihood and consequence combinations.
Prerequisites: INFO 4411 and 4415
Course Learning Objective: Risk analysis is essential to understanding Information Assurance. Normally in a risk analysis, there is considerable concentration on the specific attacks and vulnerabilities to a specific system configuration and design. This type of vulnerability analysis can determine whether or not a specific attack is viable in the context of the system configuration, its procedures, and its security mechanisms. Within the detailed analyses of specific system designs, specific applicable threats can be applied, specific attacks and vulnerabilities analyzed in relation to the strengths of specific employed security mechanisms, and true costs to the owner of the system and/or its information evaluated. Risk is defined as “A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact,” and a Risk Assessment is defined as the “Process of analyzing threats to, and vulnerabilities of, an IT system, and the potential impact that the loss of information or capabilities of a system would have on security.” A threat may be viewed as an actual or potential event, caused by a threat agent that exploits a vulnerability in an information system, with a resulting adverse impact on mission success or the involved asset, e.g., the physical assets of the information system. A threat event may be caused by an adversary (an individual, group, or nation state that has the intent, motivation and capability to cause harm), by a non-adversarial human act, or by a natural or technological disaster.
Major Topics:
  • Defining Risk
  • Life Cycle Activities
  • Countermeasures
  • Certification and Accreditation
  • Analysis
  • Liaison
  • Testing and Evaluation
  • Threats and Adversaries
  • Missions and Assets
  • Vulnerabilities and Attack Avenues
Method of Instruction: Lecture and on-line components. Means and methods of risk analysis are discussed. Students perform a preliminary risk analysis of an organization as a research topic.
Evaluation Methods: Evaluation is by examination and critique of the associated risk analysis project.
