An Essential Leadership Skill: Understanding Information Security and Risk Management

What proactive actions can be taken by individuals to assure continuous system-wide operation of an information network? Is the responsibility of keeping information secure solely up to the information technology team, or does everyone play a part in the process?

These questions and more are addressed in the IT Risk Management overview course offered by Northwestern Engineering’s Master of Science in Information Technology (MSIT) program. In the course, students are exposed to various industries, organizational roles, frameworks, risk management terms and the inter-dependencies involved with this discipline.

The class touches on topics such as strategic risk decisions, policy, asset management, and incident handling, all with an emphasis on practical solutions based on real-world situations and topical examples.

Adjunct Professor Tina Lacroix-Hauri, who teaches the course, is co-founder and president of Bradford Garrett Group (BGG). BGG focuses on topics like crisis and security management, post-incident response, and policy development, and since its founding has worked for U.S. Fortune 100 companies in more than 20 countries.

Lacroix-Hauri took time to explain the importance of the course and what might surprise the general public about IT risk management.

How would you describe the goals of your Northwestern IT Risk Management course?

The goals are to enhance critical thinking skills around the topics of Information Security-Risk Management and to provide practical tools, materials and constructs that can be used to consider risk within an enterprise and beyond to the cloud. The course also provides IT professionals with an understanding of the day-to-day tactical activities that each employee can engage in, plus outlines the processes and people that manage the risk management function. 

What are the three most important lessons you hope to convey to students in your course?

1. That each professional plays a role in the day-to-day management of risk in the enterprise
2. To provide clear resources and frameworks for the professional to consider through their career
3. To improve each students ability to identify, solve and mitigate risk

What is one thing about risk management that you think would surprise someone not involved in the IT industry?

That every person in the enterprise plays a role in continuous mitigation of risk.

What do you enjoy most about being involved with the MSIT program?

The exchange of information and ideas in the classroom and with my fellow instructors. The students — given the diverse backgrounds and roles — bring interesting and contemporary challenges to the classroom.

How do you think the MSIT program differentiates itself from other competitor programs?

The MSIT program offers a great blend of solid technology and business foundational coursework, blended with alumni guest speakers, an engaged Industry Advisory Board (of which I am a member) and evolving special interest courses to keep the curriculum relevant.

Is there anything else you’d like to add?

I appreciate the support from the program and the continuous efforts to sustain the high-caliber academic rigor, deliver a great “day at school” experience, and the commitment to help each student achieve their best while in the program and offer assistance after they graduate.