Risk Management in Informatics
- Department of Computer Systems
Information security is very often considered as one of main objectives to secure targets of information processing. However, to focus on this info security as a matter of protection of IT systems against viruses, malware etc. very often means misunderstanding and underestimating of real threats which are around us and which are more dangerous then viruses and other malware. The necessity to continue with business after disaster is also slightly ignored. International standards which are focused on informatics and information security just during last years started to anticipate necessity of risk management. There is no commonly accepted methodology used for this task. Threats which are currently possible to see worldwide, invoke pressures to prepare plans for business continuity management even in the case of dramatic political changes, natural disasters etc.
No special prerequisities.
- Syllabus of lectures:
1. Risk definition, information materiality
2. Threats in informatics
3. Risk management methodology
4. Threats category and threats catalogue
5. Risk lifecycle - identification
6. Risk lifecycle - Threats identification in company
7. Risk lifecycle - Evaluation, mitigation
8. Risk lifecycle - mitigation, checking and risk register
9. Organization and risk/security management, (RACI)
10. Return of investment in informatics
11. Business Continuity Management
12. Archiving, legal requirements on informatics I
13. Archiving, legal requirements on informatics II
- Syllabus of tutorials:
- Study Objective:
Lectures should provide information about definitions, threats and vulnerabilities identification, methodology used to evaluation of threats, threats catalogues, Business Impact Analysis, return of investment, disaster recovery centers and legal requirements in specified area.
Students also should understand how to negotiate with company management to fulfill their IT requirements etc. Management ought to be convinced about reasons for investment but managers are usually not technicians.
- Study materials:
ČSN BS 25999-1:2006 (february 2009) BS 25999-2:2007
USA - Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.
International Organization for Standardization (ISO) ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management
Standards Australia HB 292-2006 : A practitioners guide to business continuity management HB 293-2006 : Executive guide to business continuity management
Risk Management Standard, AS/NZS 4360:2004 has been superseded by AS/NZS ISO 31000:2009, Risk management - Principles and guidelines.
ISACA COBIT 4.1
ISO/IEC 27001: Správa bezpečnosti informací (ISO/IEC 17799 je odpovídajícím souborem postupů)
ISF 2010 methodology
ITIL ISO/IEC 20000-1:2005 část 1: Specifikace Definuje požadavky na Správu služeb
ITIL ISO/IEC 20000-2:2005 část 2: Soubor postupů Poskytuje návody a doporučení, jak dosáhnout požadavků z části 1
ITIL ISO/IEC 20000-3:2007 část 3: Stanovení rozsahu a aplikovatelnost (zatím není k dispozici)
ITIL ISO/IEC 20000-4:2007 část 4: Referenční model procesu Správa služeb (zatím není k dispozici)
ITIL BIP 0005: A Manager`s Guide to Service Management
ITIL BIP 0015 IT Service Management: Manuál pro ocenění sama sebe (v současnosti se oceňuje vůči ITIL V2, má být revidováno prostřednictvím doplňkových publikací ITIL V3).
- Further information:
- No time-table has been prepared for this course
- The course is a part of the following study plans:
- Knowledge Engineering, in Czech, Presented in Czech, Version 2016 and and 2017 (elective course)
- Computer Security, Presented in Czech, Version 2016 to 2019 (elective course)
- Computer Systems and Networks, Presented in Czech, Version 2016 to 2019 (elective course)
- Design and Programming of Embedded Systems, in Czech, Version 2016 to 2019 (elective course)
- Specialization Web and Software Engineering, in Czech, Version 2016 to 2019 (elective course)
- Specialization Software Engineering, in Czech, Version 2016 to 2019 (elective course)
- Specialization Web Engineering, Presented in Czech, Version 2016 to 2019 (elective course)
- Master Informatics, Presented in Czech, Version 2016 to 2019 (elective course)
- Specialization System Programming, Presented in Czech, Version 2016 to 2019 (elective course)
- Specialization Computer Science, Presented in Czech, Version 2016-2017 (elective course)
- Specialization Computer Science, Presented in Czech, Version 2018 to 2019 (elective course)
- Knowledge Engineering, in Czech, Presented in Czech, Version 2018 to 2019 (elective course)