Předmět Management informačních rizik (IP_362)

Na serveru studentino.cz naleznete nejrůznější studijní materiály: zápisky z přednášek nebo cvičení, vzorové testy, seminární práce, domácí úkoly a další z předmětu IP_362 - Management informačních rizik, Vysoká škola ekonomická v Praze (VŠE).

Materiál	Typ	Datum	Počet stažení

Obsah

1.Course Preparation: readings (dotace 0/0) a.Readings: according to the literature indicated in the syllabus2.Information risk management and its relation to IT-security. The business case behind ISMS. (dotace 4/5) a.Interactive class: Identify information risk and compile a harm reference table.b.Interactive class: Business impact assessments and classification of information Threat and Vulnerability assessments and risk management strategies.c.Interactive class: Preparing an ISMS framework and action pland.Discussion of the different risk assessment approaches and the influence of the risk appetite of an organization.e.Interactive class: Interactive development of a crypto policy for different organization classesf.Student group work: Business impact assessment of the B2B environment of EM Ltd (Electric Motors Ltd case)3.Threat and vulnerability assessment, planning results, key success factors of an ISMS (dotace 4/5) a.Student group-work: Threat and vulnerability assessment, proposal of a risk remediation plan (Electric Motors Ltd case)b.Interactive class: The different aspects and key success factors of an ISMS4.Develop an Information Security Management System ISMS (dotace 2/2) a.Interactive class: The different aspects and key success factors of an ISMSb.Q&A on student assignment ("Chemical group" -- ISMS project plan)5.Develop a Security Awareness programme to support an ISMS (dotace 2/2) a."Setting the Scene" -- Follow up activities on an ISMSb.Student presentationsc.Summary and student feed back6.Assessment (dotace 0/0) a.(1) In the "Electric Motors Ltd" case, students apply their knowledge of risk assessment processes and tools, in particular business impact and threat and vulnerability assessments, interactively with the teacher. They work on the case in small groups during day one and two.Allocated time for the case is 180 minutes.The student work piece must include a risk remediation plan and a PowerPoint presentation of the results, as if given in front of a management board. Assessment is based on the above aspects as well as clearness of thought and written/oral presentation. This case counts for 40% of the overall mark.b.(2) In the "Chemical group" case, students compile a project plan to plan and implement an information security management system (ISMS) based on the ISO 270xx standards family. The planning scope covers the first 12 months of the project. Students work on the case in groups of two. The students will present their results on the last day of the course, together with a short handout of one page.Assessment is based on the above aspects as well as clearness of thought and written/oral presentation. This presentation counts for 60% of the overall mark.

Získané způsobilosti

Po absolvování kurzu, student bude- rozumět principům informačních rizi a jejich dopadům na organizace, které jsou aktivní v mezinárodním prostředí;- schopen vymezit rozdíly mezi informačními riziky a IT bezpečností;- schopen kompilovat referenční tabulku a přizpůsobit ji potřebám individuální organizace;- schopen posoudit dopady informačních rizik do podnikání a na základě výstupů určit další postup;- schopen posoudit různý druh rizik;- vědět jak čelit informačním rizikům;- vědět jak vytvořit ISMS podle ISO 270xx.

Literatura

TypAutorNázevMísto vydáníNakladatelRokISBNDAlan Calder et al., Information Security Risk Management for Iso27001/Iso27002, It Governance Ltd (2010), ISBN 978-1849280433DDavid Basin et al, Applied Information Security: A Hands-on Approach, Springer (2011), ISBN 978-3642244735DEvan Wheeler, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up, Syngress (2011), ISBN 978-1597496155

Požadavky

přítomnost všechny dny kurzu

Garant

doc. Ing. Ludmila Štěrbová, CSc.

Vyučující

doc. Ing. Ludmila Štěrbová, CSc.