DBU’s Master of Science in Digital Risk Management

Within the last year, the COVID-19 pandemic has not been the only major crisis that the U.S. has confronted. The nation also continues to battle a series of major cyberattacks that not only steal confidential and often highly classified information, but also have the potential to disrupt the nation’s economy and jeopardize national security.

Recognizing this ongoing threat, Dallas Baptist University has created a new degree program, the Master of Science in Digital Risk Management, to help address current extreme shortages of adequately trained personnel in the cybersecurity and data privacy fields.

DBU’s Master of Science in Digital Risk Management

“DBU has already established itself as a leader in the technology space through its Master of Science in Information Technology and Management program,” says Sharon Gorikapudi, program director for the M.S. in Digital Risk Management at DBU. “Building on that success, the University’s new M.S. in Digital Risk Management program will include coursework on mitigating the vulnerabilities in cybersecurity, workforce risk, compliance risk and third-party risk.”

The purpose of this new degree program will be to prepare future IT professionals to help secure both public and private organizations — and ultimately, the U.S. — against future cyberattacks.

Though outside governments have vehemently denied any involvement in the recent cyberattacks in the U.S., some digital security experts blame these attacks on criminal elements across Eastern Europe.

Whatever the source may be, the spate of cyberattacks ranging from hospitals up to corporate giants and the U.S. government demonstrates that no one is immune. Experts predict that the attackers’ ambitions may be increasing in order to maximize their profits, as demonstrated in these recent attacks:

• July 2020 – An Eastern European group tried to steal information from COVID-19 researchers in several countries, including the U.S.
• October 2020 – A number of U.S. hospitals were hit by ransomware attacks using malicious software.
• May 2021 – The pipeline carrying 45% of the East Coast’s gasoline supply was shut down through hacking, forcing oil company Colonial Pipeline to pay out a $4.4 million ransom.
• June 2021 – Microsoft said attackers had breached the company’s customer-service-agents credentials to launch hacking attempts against Microsoft customers.

In addition, many hackers use zero-day attacks (remove link on zero-day attacks) to infiltrate IT systems. The term “zero-day” refers to a situation in which hackers exploit the vulnerabilities of an IT system before developers have a chance to fix the flaw. However conducted, the attacks can come with a hefty cost in the form of data theft, system downtimes, a damaged reputation, and possibly, as with Colonial Pipeline, the payment of a substantial ransom.

The need for cybersecurity risk management

As cyberattacks against American companies and government agencies increase, the need for cybersecurity risk management programs, like the M.S. in Digital Risk Management at DBU, has expanded to crucial levels.

Cybersecurity risk management is the practice of prioritizing cybersecurity defensive measures based on the potential adverse effects cyberattacks could create. An organization gives first priority to the flaws, threat trends and the attacks that matter most to their operations while acknowledging that not every system failure or cyberattack can be blocked.

Essentially, cybersecurity risk management involves five steps:

1. Identify the risk. By identifying the risks in an IT system, the information can be inserted into a centralized, computerized risk management system. This makes known threats visible to every stakeholder with access to the system.

2. Analyze the risk. Risks are not all equal. Some can bring the entire operation to a standstill while others only create relatively minor inconveniences. A digital risk management system will map a risk framework that evaluates risks and informs stakeholders of its far-reaching effects.

3. Evaluate or rank the risk. Risks must be ranked and prioritized. An organization may be vulnerable to a number or low-level risks that do not always require upper management intervention. In contrast, just one high-level risk is enough to necessitate immediate intervention.

4. Treat the risk. Every risk needs to be eliminated or contained as much as possible. In a risk management solution, discussions regarding risks and solutions all occur within a unified system. Rather than having to contact multiple individuals for updates, everyone can get the latest information directly from within the risk management solution.

5. Monitor and review the risk. Unfortunately, not all risks can be completely eliminated. In an earlier time, risk management was left up to diligent employees who kept a close watch on all risk factors in their area of operation. But in a digital environment, the risk management system monitors the entire risk framework of the organization. If any factor or risk changes, the change is immediately visible to anyone with access to the system.

For more information on this new and innovative degree program at DBU, visit https://www.dbu.edu/graduate/degree-programs/ms-digital-risk-management/.