University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Follow us on twitter
Linked in
Linked in
Google plus
Google plus
Stumble Upon
Stumble Upon

Security Risk Analysis and Management

The concept of risk is central to computer and information security, as understanding the exposure of the system to different threats enables security efforts to be prioritised. Through measurements and estimates of risk, security can be managed and cost-benefit decisions can be made. This course explores the principles and tools behind risk analysis for security, providing practical experience on a realistic case study.


This course normally runs twice a year.

Course dates

14th October 2024Oxford University Department of Computer Science - Held in the Department10 places remaining.
9th June 2025Oxford University Department of Computer Science - Held in the Department14 places remaining.


The successful participant will

  • be able to understand the main issues of risk in computer and information security;
  • be able to conduct a security risk analysis and make cost-benefit decisions based on this;
  • have an overview of how risk analysis can be used to make a business case for security.


Overview of Risk
Introduction to the terminology of risk; Risk analysis and management framework; Risk and the relationship to security and controls;
Assets, Harm & Threats
Types of harm; Impact valuation; Threat modelling;
Vulnerability Analysis
Baseline systems; Vulnerability analysis methods;
Risk Evaluation
Quantitative and Qualitative risk measurement;
Security Planning & Management
Security measures; Mapping vulnerabilities to mitigation techniques; COBIT; Security checklists; Security requirements; Risk standards;
Business Cases for Security
Building business cases; Saved losses;


Participants should have a basic understanding of computer security to the level provided by the Security Principles course.