FINAL 11/06/08
Risk Management: Assessment and Mitigation (SRA 311)
Tuesday and Thursday mornings, 9:45am to 11:00am (75-minutes per session), in 205 IST Building

DESCRIPTION: Risk Management: Assessment and Mitigation is a junior-level undergraduate course designed to educate aspiring risk professionals on the proper application of risk analysis concepts to security, intelligence, and other problems, and to enhance risk literacy. To this end, the course covers the basic philosophy of risk analysis to include definitions of risk and the “six questions of risk analysis;” scenario construction; all aspects of consequence, threat, and vulnerability analysis; qualitative, quantitative, and descriptive risk assessment methods; risk treatment strategies to include risk acceptance, risk transfer, risk avoidance, and risk control and management; risk communication; and risk perception. The course introduces these concepts through critical readings from the risk analysis literature and application of the course material to in-class case studies, methodology appraisals, and student projects.

OBJECTIVES: Students successfully completing this course can:
1. Describe the role of a risk analysis in the decision-making process
2. Articulate the “six questions of risk,” and thoroughly describe the terms and notions associated with security risk analysis
3. Explain the different types of ignorance and uncertainty, and provide examples of each in a security context
4. Discuss the role of risk perception and methods for risk treatment in the risk management process
5. Discuss the 14 PRECEPTS for ethics in security risk analysis
6. Apply a variety of structured analysis techniques to aid in the identification of events and outcomes and the assessment of vulnerability and event likeliness
7. Appraise alternative risk assessment methods in terms of their consistency with established notions of risk and their compatibility with similar methodologies
8. Apply the “six questions of risk” to design a risk assessment methodology that meets the needs of a specific decision maker with specific decision support requirements
9. Evaluate alternative security investment strategies in terms of their ability to reduce risk, and compare these strategies with alternative risk treatment options
10. Recite and Apply the Eight Elements of Thought and the Intellectual Standards to critically evaluate scholarly articles and essays on the topic of risk analysis
11. Critically evaluate the main ideas and arguments discussed in several widely recognized books on the topic of risk analysis

SRA 311 Teaching Team

Instructor
William L. McGill, PhD, PE
Assistant Professor of IST (and SRA)
307B IST Building
University Park, PA 16802
(814) 867-0270 (office)
[email protected]
The instructor is generally available for outside assistance from 9:45am to 11:15am on Mondays and from 11:00am to 12:30pm on Wednesdays, or by appointment.

Teaching Assistant
Ms. Wen Yao
IST Graduate Student (PhD)
306A IST Building
[email protected]
The teaching assistant is available for outside assistance from 4:30pm to 5:30pm on Mondays and Wednesdays unless otherwise stated, or by appointment

Teaching Intern
Mr. Ryan M. Dewar
IST Undergraduate Student
[email protected]

Prerequisites
• Probability & Statistics (STAT 200)
• Introduction to SRA (SRA 111)
• Terrorism and Crime (SRA 211)
• Decision Analysis (SRA 231)
• College-Level Writing Ability

Recommended
• Set Theory and Logic (IST 230)
• Open-mindedness
• Extracurricular experience performing some risk analytic function

SRA 311, Fall 2008, FINAL (11/06/08)

ASSIGNMENTS AND GRADING: Course assignments consist of critical readings of key articles on risk, critical reviews of widely recognized books (particularly by future employers) on various topics of risk, two group projects to develop and refine your understanding of the principles of risk analysis, and completion of a final exam covering the very basic elements of risk analysis and critical thinking.

Critical Article Reviews (25%). Each student is responsible for producing no fewer than five (5) critical reviews of scholarly articles on risk or risk analyses. This activity is designed to expose students to modern perspectives on security risk analysis while practicing his or her ability to critically evaluate each author’s argument. Articles will be due each lecture, but students need only submit a review on their individual scheduled due dates. If a student completes all 5 of their assigned articles, any additional articles submitted that score higher will overwrite lower scores.

Critical Book Reviews (20%). Each student will submit a critical review on each of two (2) mass market books on the subject of risk. The books available for review are widely known to real decision makers and may actually have influenced their perceptions and understanding of risk. The first review will be on a book that all students will read, and for the second book students will be divided up evenly among the titles according to the preferences for different topics. Reading groups will be assembled to help with this activity.

Methodology Appraisal (10%). Each student will dissect one or two security risk analysis methodologies or studies in terms of terminology, approach, results, etc. from one methodology compares with the results from others. Teams may be formed for this effort, but the number of methodologies reviewed and requirements for appraisal increase with the size of the team.

Risk Analysis Project (25%). Each student will participate in a risk analysis project, either alone or as part of a group, that addresses a real-world security risk analysis problem. Each project relates to a real question or problem that serves the interests of a real decision maker. Successful projects may be used to inform real decision making, and may provide the basis for future opportunities.

Final Examination (20%). Each student will complete an in-class final examination covering the bare essential topics of this course. The final exam will consist of two parts: the first part is a critical article review on a relatively short risk-related article, and the second part consists of 10-20 multiple choice questions spanning the bare essential topics of this course.

IMPORTANT NOTE: The SRA major requires that all SRA students achieve a grade of C or better in this course to graduate (≥70%).

READING MATERIALS: Most, if not all, of the day-to-day course materials will be in the form of technical articles on general and security risk analysis topics. Links to course materials as PDF files will be made available online via the course website. Two categories of printed books are integral to this course: three (3) required books and five (5) optional books [as described below].

Required Books. The following titles are all required for this course. BUY THESE RIGHT AWAY.
• The Miniature Guide to Critical Thinking: Concepts and Tools, by Elder and Paul (ISBN: 0944583105) [an excerpt is available at: http://www.criticalthinking.org/files/Concepts_Tools.pdf]
• The Miniature Guide to the Art of Asking Essential Questions, by Elder and Paul (ISBN: 0944583164) [an excerpt is available at: http://www.criticalthinking.org/files/SAM-Questions2005.pdf]
• Against the Gods: The Remarkable Story of Risk, by Bernstein (ISBN: 0471295639)

Pseudo-Optional Books. Students are responsible for reading one of the following titles. DO NOT BUY ANY OF THESE UNTIL YOU KNOW WHICH BOOK YOU ARE ACCOUNTABLE FOR.
• The Black Swan: The Impact of the Highly Improbable, by Taleb (ISBN: 9781400063512)
• Why Can’t You Just Give Me the Number: An Executive’s Guide to Using Probabilistic Thinking to Manage Risk and to Make Better Decisions (ISBN: 0964793857)
• Mad Cows and Mother’s Milk: The Perils of Poor Risk Communication, by Leiss and Powell (ISBN: 0773528172)
• Risk Balance & Security, by Gibbs van Brunschot and Kennedy (ISBN: 9781412940702)
• The Next Catastrophe: Reducing Our Vulnerabilities to Natural, Industrial, and Terrorist Disasters, by Perrow (ISBN: 9780691129976)

TOPIC AGENDA AND DELIVERABLE SCHEDULE: The following is a tentative schedule of topics and assignment due dates for the Fall 2008 semester. As a new class, the instructor may adjust course content and timelines as needed to accommodate both student progress and the needs of the subject. NOTE: topics shaded in blue will be covered on the final exam.

Part One (Fundamentals)

| Date | Planned Topic | Deliverable |
|---|---|---|
| TUE 8/26 | 1. Course introduction / Critical Thinking Review | Student Survey |
| THUR 8/28 | 2. Words and Notions of Risk | CAR 00 |
| TUE 9/2 | 3. Risk Analysis and Decision Advantage | CAR 01 |
| THUR 9/4 | 4. The Six Questions of Risk | CAR 02 |
| TUE 9/9 | 5. Initiating Events, Hazards, and Threats | CAR 03 |
| THUR 9/11 | 6. Outcomes, Severity, and Valuation | CAR 04 |
| TUE 9/16 | 7. Vulnerability Analysis I | CAR 05 |
| THUR 9/18 | 8. Vulnerability Analysis II | CAR 06 |
| TUE 9/23 | 9. Threat Analysis | * * |
| THUR 9/25 | 10. Risk Case Study | Methodology Appraisal |

Part Two (Risk Assessment)

| Date | Planned Topic | Deliverable |
|---|---|---|
| TUE 9/30 | 11. Uncertainty and Ignorance | CAR 07 |
| THUR 10/2 | 12. Analytic Methods I | CAR 08 |
| TUE 10/7 | 13. Analytic Methods II | CAR 09 |
| THUR 10/9 | 14. Analytic Methods III | CAR 10 |
| TUE 10/14 | 15. Analytic Methods IV | CAR 11 |
| THUR 10/16 | 16. Analytic Methods V | CAR 12 |
| TUE 10/21 | 17. Mechanics of Risk I | CAR 13 |
| THUR 10/23 | 18. Mechanics of Risk II | CAR 14 |
| TUE 10/28 | 19. Source Analysis | * * |
| THUR 10/30 | 20. Analytic Confidence | Book Rev 1 |

Part Three (Risk Management)

| Date | Planned Topic | Deliverable |
|---|---|---|
| TUE 11/4 | 21. Risk Communication | CAR 15 |
| THUR 11/6 | 22. Risk Treatment | CAR 16 |
| TUE 11/11 | 23. Risk Perception | CAR 17 |
| THUR 11/13 | 24. Countermeasures | CAR 18 |
| TUE 11/18 | 25. In-Class Exercise | CAR 19 |
| THUR 11/20 | 26. Warning Systems | CAR 20 |
| TUE-THUR 11/25, 11/27 | THANKSGIVING | |
| TUE 12/2 | 27. Measuring Effectiveness and Auditing | Book Rev 2 |
| THUR 12/4 | 28. Ethical Issues in Risk Analysis | * * |
| TUE 12/9 | 29. Risk Management Standards | * * |
| THUR 12/11 | 30. Course Recap/Risk Analysis in Practice | Risk Analysis Project |
| TUE 12/?? | FINAL EXAM – DATE TBD | |

POLICIES AND PROCEDURES: This section describes how the course will run, to include the format of lectures, attendance, late policy, etc. Pay very close attention to this information as it shapes how you will experience and function in this course.

Lecture Format. Lectures will take the form of class discussions of daily readings, walk-throughs of risk studies, group exercises and case studies, use of tools and technologies for risk analysis, in-class experiments, and other miscellaneous classroom activities. The nature of the specific topics discussed on a given day will drive the format for the lecture. Each lecture is 1 hour and 15 minutes long. In those circumstances where the instructor must miss class, a pre-recorded video (or perhaps live stream) of the missed lecture will be made available instead.

Course Website. All content for this course will be available on the ANGEL site, including instructions on obtaining reading materials, assignment due dates, etc.

Course Communication. All course communications between students and instructor must be done electronically through the ANGEL system. This policy is for two reasons: (1) to protect you against me overlooking your message among the flood of emails I receive on a daily basis, and (2) to keep a permanent record of course on-goings. All course-related email sent outside the ANGEL system will be ignored.

Submitting Assignments. This course is a paperless course. Gradable versions of all assignments must be uploaded to the appropriate digital drop box on ANGEL, within the 48 clock-hours preceding the start of class on the assignment due date. All assignments must be submitted as PDF files with the following naming convention (all CAPS, date digits separated by hyphens):

PSUID_ASSIGNMENT_MM-DD-YY.pdf

For example, William McGill submitting reading assignment “CAR 08” on 22 Sep 2008 (due on 9/23/08) would title their PDF file as “WLM142_CAR08_09-22-08.pdf.” Not following this standard may reduce the assignment grade in a small but annoying way in proportion to the degree and repetitiveness of the offense. Graded assignments will be returned with the same filename appended by “_GRADED” prior to the file extension.

Late Assignments. No late assignments are accepted. If you anticipate being late with an assignment, arrange with the instructor or teaching assistant to submit the assignment early.

Class Attendance. All students are advised to attend all lectures. Beginning with Part II of the course, formal attendance will be taken via a variety of creative means. Failure to attend class may result in up to a 5% reduction in the final course grade.

Students with Disabilities. It is Penn State’s policy to not discriminate against qualified students with documented disabilities. If after reviewing this syllabus you find the need to modify any aspect of the course to accommodate your documented disability, please meet with the instructor to discuss your concerns and to make arrangements for any accommodations. You will be asked to present documentation from the Office of Disability Services (located in 105 Boucke Building) that describes the nature of your disability and the recommended remedy. You may refer to the Nondiscrimination Policy in the Student Guide to University Policies and Rules.

Teaching Assistant Duties. This course has one teaching assistant whose commitment to the course will not exceed 20 hours per week on average. The teaching assistant has the following responsibilities:
• Provides outside support to students during scheduled office hours and possibly at other times by appointment if available and willing
• Attends all lectures and monitors inappropriate use of technology during class
• Grades all critical article reviews and contributes toward grading of critical book reviews (note that the instructor will be grading all projects)
• Maintains a record of student grades and provides timely responses to reasonable student requests for class performance
• Reports to the instructor all issues pertaining to relevant personal and academic problems of students and groups
• Other duties as deemed appropriate by the instructor
• Teaching assistants do not assign final grades

Teaching Intern Duties. This course has one teaching intern with a commitment to the course that will not exceed 4 hours per week on average. The teaching intern has the following duties:
• Provides in-class support for group activities and exercises and out-of-class group tutorials as needed
• Subjectively measures the student sentiment and provides feedback to the instructor on how to improve delivery of course subjects
• As needed and as time permits, provides outside assistance to students in the form of math tutorials, brainstorming, devil's advocacy, and mentorship.
• Teaching interns do not grade any assignments, take attendance, or discipline students

Course Comedy. Comedy is not appreciated in any graded aspect of the course (non-graded is ok). The penalty for unprofessionalism can be up to a 100% reduction in a grade depending on the nature of the offense.

Sleeping in Class. If a student falls asleep in class, he or she will be woken up.

Academic Integrity. According to the University Handbook: Academic integrity is the pursuit of scholarly activity free from fraud and deception, and is the educational objective of this institution. Academic dishonesty includes, but is not limited to, cheating, plagiarism, fabrication of information or citations, facilitating acts of academic dishonesty by others, unauthorized possession of examinations, submitting work of another person, or work previously used without informing the instructor, or tampering with the academic work of other students. Any violation of academic integrity will be thoroughly investigated, and when warranted, punitive action will be taken. Any student for which there is reasonable and convincing evidence that suggests he or she is or has been academically dishonest will be aggressively prosecuted.