ITC596 IT Risk Management (8)


This subject provides students with a thorough background in IT security risk management issues. Comprehensive selections of risk management techniques for IT security are covered, including quantitative and qualitative methods. Other topics include security decision-making, risk mitigation, risk transference and business continuity planning.

+ Subject Availability Modes and Location

Session 2
InternalCSU Study Centre Melbourne
InternalCSU Study Centre Sydney
Session 3
DistanceWagga Wagga Campus
Continuing students should consult the SAL for current offering details: ITC596
Where differences exist between the Handbook and the SAL, the SAL should be taken as containing the correct subject offering details.

Subject information

Duration Grading System School:
One sessionHD/FLSchool of Computing and Mathematics

Enrolment restrictions

Graduate Certificate in Information Technology
Graduate Diploma of Information Technology
Master of Information Technology
Master of Networking and Systems Administration

Learning Outcomes

Upon successful completion of this subject, students should:
  • be able to justify the goals and various key terms used in risk management and assess IT risk in business terms;
  • be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach;
  • be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk;
  • be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.


The subject will cover the following topics:
  • Information security basics.
  • Fundamental security rules.
  • Security decision making.
  • Practising security.
  • Foundations of risk management.
  • Quantitative risk assessment.
  • Qualitative risk assessment.
  • Risk mitigation.
  • Risk transference.
  • Business continuity planning.


The information contained in the 2016 CSU Handbook was accurate at the date of publication: 06 September 2016. The University reserves the right to vary the information at any time without notice.