In recent years, organisational systems have become more susceptible to threats from malicious actions or inadvertent user errors and from natural and man-made disasters because computers have become more interconnected and, thus, more interdependent and more accessible to a larger number of individuals. In fact, the factors that benefit business operations such as speed of processing and access to information also increase risks of computer intrusion, fraud, and disruption . Hence, with the increasing susceptibility of organizational systems to security threats, risk management and information security have become of utmost importance . A survey was administered by students in a Management of Information systems undergraduate class to investigate the status of information security and risk management in 3 institutions within the local CBD in Samoa and more specifically what strategies are employed to manage risks in these institutions. In addition, findings from the survey were used to provide local case studies and examples in the course notes to demonstrate concepts of information security and risk management for this Management of Information systems class at the National University of Samoa .