Risk Management in Informatics
- Department of Computer Systems
Information security is very often considered one of the main objectives in securing the targets of information processing. However, focusing on information security as a matter of protecting IT systems against viruses, malware etc. very often means misunderstanding and underestimating the real threats around us, which are more dangerous than viruses and other malware. The need to continue business after a disaster is also somewhat neglected. International standards focused on informatics and information security have only in recent years begun to anticipate the need for risk management. There is no commonly accepted methodology for this task. Threats currently visible worldwide create pressure to prepare plans for business continuity management even in the case of dramatic political changes, natural disasters etc.
No special prerequisites.
- Syllabus of lectures:
1. Risk definition, information materiality
2. Threats in informatics
3. Risk management methodology
4. Threat categories and threat catalogue
5. Risk lifecycle - identification
6. Risk lifecycle - Threats identification in company
7. Risk lifecycle - Evaluation, mitigation
8. Risk lifecycle - mitigation, checking and risk register
9. Organization and risk/security management (RACI)
10. Return on investment in informatics
11. Business Continuity Management
12. Archiving, legal requirements on informatics I
13. Archiving, legal requirements on informatics II
- Syllabus of tutorials:
- Study Objective:
Lectures should provide information about definitions, identification of threats and vulnerabilities, the methodology used for evaluating threats, threat catalogues, Business Impact Analysis, return on investment, disaster recovery centres and legal requirements in the specified area.
Students should also understand how to negotiate with company management to fulfil their IT requirements etc. Management ought to be convinced of the reasons for investment, but managers are usually not technicians.
- Study materials:
ČSN BS 25999-1:2006 (February 2009), BS 25999-2:2007
USA - Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.
International Organization for Standardization (ISO) ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management
Standards Australia HB 292-2006: A practitioner's guide to business continuity management; HB 293-2006: Executive guide to business continuity management
Risk Management Standard, AS/NZS 4360:2004 has been superseded by AS/NZS ISO 31000:2009, Risk management - Principles and guidelines.
ISACA COBIT 4.1
ISO/IEC 27001: Information security management (ISO/IEC 17799 is the corresponding code of practice)
ISF 2010 methodology
ITIL ISO/IEC 20000-1:2005 Part 1: Specification. Defines the requirements for Service Management
ITIL ISO/IEC 20000-2:2005 Part 2: Code of practice. Provides guidance and recommendations on how to meet the requirements of Part 1
ITIL ISO/IEC 20000-3:2007 Part 3: Scope definition and applicability (not yet available)
ITIL ISO/IEC 20000-4:2007 Part 4: Process reference model for Service Management (not yet available)
ITIL BIP 0005: A Manager's Guide to Service Management
ITIL BIP 0015 IT Service Management: Self-assessment manual (currently assessed against ITIL V2; to be revised through supplementary ITIL V3 publications).
- Further information:
- No time-table has been prepared for this course
- The course is a part of the following study plans:
- Master branch Knowledge Engineering, in Czech, 2016-2017 (elective course)
- Master branch Computer Security, in Czech, 2016-2019 (elective course)
- Master branch Computer Systems and Networks, in Czech, 2016-2019 (elective course)
- Master branch Design and Programming of Embedded Systems, in Czech, 2016-2019 (elective course)
- Master branch Web and Software Engineering, spec. Info. Systems and Management, in Czech, 2016-2019 (elective course)
- Master branch Web and Software Engineering, spec. Software Engineering, in Czech, 2016-2019 (elective course)
- Master branch Web and Software Engineering, spec. Web Engineering, in Czech, 2016-2019 (elective course)
- Master program Informatics, unspecified branch, in Czech, version 2016-2019 (elective course)
- Master branch System Programming, spec. System Programming, in Czech, 2016-2019 (elective course)
- Master branch System Programming, spec. Computer Science, in Czech, 2016-2017 (elective course)
- Master specialization Computer Science, in Czech, 2018-2019 (elective course)
- Master branch Knowledge Engineering, in Czech, 2018-2019 (elective course)