Risk Management in Informatics

The course is not on the list. Without time-table.
Code: MI-RRI
Completion: ZK
Credits: 3
Range: 2P
Language: Czech
Course guarantor:
Department of Computer Systems

Information security is very often regarded as one of the main objectives in securing the targets of information processing. However, treating information security merely as the protection of IT systems against viruses, malware and the like very often means misunderstanding and underestimating the real threats around us, which are more dangerous than viruses and other malware. The need to continue business after a disaster is also somewhat neglected. International standards focused on informatics and information security have only in recent years begun to anticipate the need for risk management, and there is no commonly accepted methodology for this task. The threats currently visible worldwide create pressure to prepare business continuity management plans even for cases of dramatic political change, natural disasters and similar events.


No special prerequisites.

Syllabus of lectures:

1. Risk definition, information materiality

2. Threats in informatics

3. Risk management methodology

4. Threats category and threats catalogue

5. Risk lifecycle - identification

6. Risk lifecycle - Threats identification in company

7. Risk lifecycle - Evaluation, mitigation

8. Risk lifecycle - mitigation, checking and risk register

9. Organization and risk/security management, (RACI)

10. Return of investment in informatics

11. Business Continuity Management

12. Archiving, legal requirements on informatics I

13. Archiving, legal requirements on informatics II

Syllabus of tutorials:
Study Objective:

Lectures should provide information about definitions, the identification of threats and vulnerabilities, the methodology used to evaluate threats, threat catalogues, Business Impact Analysis, return on investment, disaster recovery centres and legal requirements in the specified area.

Students should also understand how to negotiate with company management to fulfil their IT requirements. Management needs to be convinced of the reasons for investment, but managers are usually not technicians.

Study materials:

ČSN BS 25999-1:2006 (February 2009), BS 25999-2:2007

USA - Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.

International Organization for Standardization (ISO) ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management

Standards Australia HB 292-2006: A practitioner's guide to business continuity management; HB 293-2006: Executive guide to business continuity management

Risk Management Standard, AS/NZS 4360:2004 has been superseded by AS/NZS ISO 31000:2009, Risk management - Principles and guidelines.


ISO/IEC 27001: Information security management (ISO/IEC 17799 is the corresponding code of practice)

ISF 2010 methodology

ITIL ISO/IEC 20000-1:2005 Part 1: Specification. Defines the requirements for service management

ITIL ISO/IEC 20000-2:2005 Part 2: Code of practice. Provides guidance and recommendations on how to meet the requirements of Part 1

ITIL ISO/IEC 20000-3:2007 Part 3: Scope definition and applicability (not yet available)

ITIL ISO/IEC 20000-4:2007 Part 4: Service management process reference model (not yet available)

ITIL BIP 0005: A Manager's Guide to Service Management

ITIL BIP 0015 IT Service Management: Self-assessment manual (currently assessed against ITIL V2; to be revised through ITIL V3 complementary publications).

Further information:
No time-table has been prepared for this course
The course is a part of the following study plans:
Data valid to 2024-06-14
Updates to the information above can be found at https://bilakniha.cvut.cz/en/predmet1697806.html