FIN545 Risk Management for Financial Cybersecurity
Course Catalog Description
Introduction
This course examines topics related to efforts to maintain security over financial systems within
the organization. Students examine recent financial systems breaches, and consider common
threats and vulnerabilities related to financial systems. Several methods of risk assessment are
explored, as well as the creation of risk treatment strategies, including the design of internal
technical and process controls. Students analyze relevant financial services industry regulation
and discuss organizational compliance requirements. Response planning is examined for
information and cyber security breaches.
Prerequisite: Having taken an undergraduate course in business information systems or by
permission of the instructor.
| Campus | Fall | Spring | Summer |
|---|---|---|---|
| On Campus | X | X |
Instructors
| Professor | Office | |
|---|---|---|
|
Paul Rohmeyer
|
prohmeye@stevens.edu | Babbio Center 414 |
More Information
Course Objectives
- To introduce the fundamental concepts of information and cyber security in the context of financial systems and markets.
- To lay the foundation for the study of the unique threats and vulnerabilities associated with financial systems and markets.
- To introduce approaches used to identify and evaluate technology and process risks in financial systems.
- To list and explain regulatory guidance related to managing risks in financial systems environments.
- To provide knowledge of actual information and system breach events that have impacted financial systems.
- To identify and formulate risk treatment options in response to identified financial systems risks.
Course Outcomes
- Students will recognize common technology and process risk dimensions in financial systems.
- Students will explain characteristics of the consequences of an information or cyber risk event in a financial systems environment.
- Students will be prepared to monitor and analyze emerging information and cyber security threats related to financial systems.
- Students will be able to create treatment options for identified information and cyber risks in financial systems.
- Students will be able to execute multiple approaches to assess financial systems risk.
- Students will explain the value of cybersecurity information sharing within the financial services community.
Course Resources
Textbook
- Required: Rohmeyer, P., Bayuk, J. (2019) Financial Cybersecurity Risk Management – Leadership Perspectives and Guidance for Systems and Institutions. Springer-Apress. SBN-10: 1484241932, ISBN-13: 978-1484241936
Articles
- Ban, Tong (2014), A Scenario-Based Information Security Risk Evaluation Method. International Journal of Security and Its Applications, Vol.8, No.5 (2014), pp.21-30
- Mugavero, R., Sabato, V. (2014) Analysis and Estimation of Expected Cyber-Attack Scenarios and Consequences, Journal of Information Privacy and Security, 10: 138–152.
- Demarest, Joseph (2014) Testimony -Cyber Security: Enhancing Coordination to Protect the Financial Sector. Statement Before the Senate Committee on Banking, Housing, and Urban Affairs Washington, D.C., Cyber Division, Federal Bureau of Investigation. Available at: https://www.fbi.gov/news/testimony/cyber-security-enhancing-coordination-to-protect-the-financial-sector
- Morgan, Henrie; Liddell, Paul (2008) Quantifying Cyber Security Risk Control Engineering 55.5 (May 2008): P12-P16.
- Rubino, M., Vitolla, A. (2014) Internal control over financial reporting: opportunities using the COBIT framework. Managerial Auditing Journal, Vol. 29 No. 8, 2014. pp. 736-771, Emerald Group Publishing Limited.
- Balbi, A. (2015), Discussing Cyber Security at the Board Level. Strategic Finance. Finance; Jan2015, Vol. 97 Issue 1, p22
References
- Association of Financial Professionals (AFP) Cybersecurity Resources. http://www.afponline.org/Cybersecurity/
- FFIEC Cybersecurity Awareness. https://www.ffiec.gov/cybersecurity.htm
- FTC Data Security. https://www.ftc.gov/tips-advice/business-center/privacy-and-security/datasecurity
- SIFMA Cybersecurity Resource Center. http://www.sifma.org/issues/operations-andtechnology/cybersecurity/overview/
- Verizon Data Breach Investigations Report. http://www.verizonenterprise.com/DBIR/
Grading
Grading Policies
| Weights | ||
| 1 | HW | 20% |
| 2 | Midterm Examination | 20% |
| 3 | Final Examination | 25% |
| 4 | Team Project | 25% |
| 5 | Participation | 10% |
Lecture Outline
| Lecture | Topics | Reading | Assignments |
|---|---|---|---|
| 1 | Introductions, Foundational Concepts | ||
| 2 | Threats | Ch. 1 | |
| 3 | Vulnerabilities | Ch. 2 | |
| 4 | Breach Consequences | Ch. 3 | Final Paper Topic Due |
| 5 | Breach Probability | Ch. 4 | |
| 6 | Cyber Risk Treatment | Ch. 5 | |
| 7 | Midterm Review | Midterm Paper Due | |
| 8 | Enterprise Cyber Governance | Ch. 6 | |
| 9 | Engaging the Organization | Ch. 7 | |
| 10 | Continuous Cyber Improvement | Ch. 8 | |
| 11 | Learning from Breach Incidents | Ch. 9 | |
| 12 | Looking Ahead | Ch. 10 | |
| 13 | Individual Presentations of Final Paper | Final Paper Due | |
| 14 | Individual Presentations of Final Paper | Team Project Due |