University of Oxford Logo University of OxfordSoftware Engineering - Home

Security Risk Analysis and Management

The concept of risk is central to computer and information security, as understanding the exposure of the system to different threats enables security efforts to be prioritised. Through measurements and estimates of risk, security can be managed and cost-benefit decisions can be made. This course explores the principles and tools behind risk analysis for security, providing practical experience on a realistic case study.

Course dates

16th June 2014Oxford University Department of Computer Science 0 places remaining.
2nd March 2015Oxford University Department of Computer Science07 places remaining.


The successful participant will

  • be able to understand the main issues of risk in computer and information security;
  • be able to conduct a security risk analysis and make cost-benefit decisions based on this;
  • have an overview of how risk analysis can be used to make a business case for security.


Overview of Risk
Introduction to the terminology of risk; Risk analysis and management framework; Risk and the relationship to security and controls;
Assets, Harm & Threats
Types of harm; Impact valuation; Threat modelling;
Vulnerability Analysis
Baseline systems; Vulnerability analysis methods;
Risk Evaluation
Quantitative and Qualitative risk measurement;
Security Planning & Management
Security measures; Mapping vulnerabilities to mitigation techniques; COBIT; Security checklists; Security requirements; Risk standards;
Business Cases for Security
Building business cases; Saved losses;


Participants should have a basic understanding of computer security to the level provided by the Security Principles course.