FIN545 Risk Management for Financial Cybersecurity



Course Catalog Description

Introduction

This course examines topics related to efforts to maintain security over financial systems within the organization. Students examine recent financial systems breaches, and consider common threats and vulnerabilities related to financial systems. Several methods of risk assessment are explored, as well as the creation of risk treatment strategies, including the design of internal technical and process controls. Students analyze relevant financial services industry regulation and discuss organizational compliance requirements. Response planning is examined for information and cyber security breaches.
Prerequisite: Having taken an undergraduate course in business information systems or by permission of the instructor.


Campus Fall Spring Summer
On Campus X X

Instructors

Professor Email Office
Paul Rohmeyer
prohmeye@stevens.edu Babbio Center 414

More Information

Course Objectives

  1. To introduce the fundamental concepts of information and cyber security in the context of financial systems and markets.
  2. To lay the foundation for the study of the unique threats and vulnerabilities associated with financial systems and markets.
  3. To introduce approaches used to identify and evaluate technology and process risks in financial systems.
  4. To list and explain regulatory guidance related to managing risks in financial systems environments.
  5. To provide knowledge of actual information and system breach events that have impacted financial systems.
  6. To identify and formulate risk treatment options in response to identified financial systems risks.

Course Outcomes

  1. Students will recognize common technology and process risk dimensions in financial systems.
  2. Students will explain characteristics of the consequences of an information or cyber risk event in a financial systems environment.
  3. Students will be prepared to monitor and analyze emerging information and cyber security threats related to financial systems.
  4. Students will be able to create treatment options for identified information and cyber risks in financial systems.
  5. Students will be able to execute multiple approaches to assess financial systems risk.
  6. Students will explain the value of cybersecurity information sharing within the financial services community.

Course Resources

Textbook

  • Required: Rohmeyer, P., Bayuk, J. (2019) Financial Cybersecurity Risk Management – Leadership Perspectives and Guidance for Systems and Institutions. Springer-Apress. SBN-10: 1484241932, ISBN-13: 978-1484241936

Articles

    1. Ban, Tong (2014), A Scenario-Based Information Security Risk Evaluation Method. International Journal of Security and Its Applications, Vol.8, No.5 (2014), pp.21-30
    2. Mugavero, R., Sabato, V. (2014) Analysis and Estimation of Expected Cyber-Attack Scenarios and Consequences, Journal of Information Privacy and Security, 10: 138–152.
    3. Demarest, Joseph (2014) Testimony -Cyber Security: Enhancing Coordination to Protect the Financial Sector. Statement Before the Senate Committee on Banking, Housing, and Urban Affairs Washington, D.C., Cyber Division, Federal Bureau of Investigation. Available at: https://www.fbi.gov/news/testimony/cyber-security-enhancing-coordination-to-protect-the-financial-sector
    4. Morgan, Henrie; Liddell, Paul (2008) Quantifying Cyber Security Risk Control Engineering 55.5 (May 2008): P12-P16.
    5. Rubino, M., Vitolla, A. (2014) Internal control over financial reporting: opportunities using the COBIT framework. Managerial Auditing Journal, Vol. 29 No. 8, 2014. pp. 736-771, Emerald Group Publishing Limited.
    6. Balbi, A. (2015), Discussing Cyber Security at the Board Level. Strategic Finance. Finance; Jan2015, Vol. 97 Issue 1, p22

References


Grading

Grading Policies

Weights
1 HW 20%
2 Midterm Examination 20%
3 Final Examination 25%
4 Team Project 25%
5 Participation 10%

Lecture Outline

Lecture Topics Reading Assignments
1 Introductions, Foundational Concepts
2 Threats Ch. 1
3 Vulnerabilities Ch. 2
4 Breach Consequences Ch. 3 Final Paper Topic Due
5 Breach Probability Ch. 4
6 Cyber Risk Treatment Ch. 5
7 Midterm Review Midterm Paper Due
8 Enterprise Cyber Governance Ch. 6
9 Engaging the Organization Ch. 7
10 Continuous Cyber Improvement Ch. 8
11 Learning from Breach Incidents Ch. 9
12 Looking Ahead Ch. 10
13 Individual Presentations of Final Paper Final Paper Due
14 Individual Presentations of Final Paper Team Project Due