Instructions

A course is the basic teaching unit; it is designed as a medium for a student to acquire the comprehensive knowledge and skills indispensable in the given field. A course guarantor is responsible for the factual content of the course.
For each course, there is a department responsible for the course organisation. A person responsible for timetabling for a given department sets a time schedule of teaching and for each class, s/he assigns an instructor and/or an examiner.
The expected time consumption of the course is expressed by the course attribute extent of teaching. For example, extent = 2+2 indicates two teaching hours of lectures and two teaching hours of seminar (lab) per week.
At the end of each semester, the course instructor has to evaluate the extent to which a student has acquired the expected knowledge and skills. The type of this evaluation is indicated by the attribute completion. A course can be completed by just an assessment ('pouze zápočet'), by a graded assessment ('klasifikovaný zápočet'), by just an examination ('pouze zkouška'), or by an assessment and examination ('zápočet a zkouška').
The difficulty of a given course is evaluated by the amount of ECTS credits.
The course is in session (cf. teaching is going on) during a semester. Each course is offered either in the winter ('zimní') or summer ('letní') semester of an academic year. Exceptionally, a course might be offered in both semesters.
The subject matter of a course is described in various texts.

MI-RRI Risk Management in Informatics
Extent of teaching: 2P
Instructor:
Completion: ZK
Department: 18104
Credits: 3
Semester: L

Annotation:
Information security is very often considered one of the main objectives in securing the targets of information processing. However, treating information security merely as the protection of IT systems against viruses, malware etc. very often means misunderstanding and underestimating the real threats around us, which are more dangerous than viruses and other malware. The necessity of continuing business after a disaster is also somewhat ignored. International standards focused on informatics and information security have only in recent years started to anticipate the necessity of risk management. There is no commonly accepted methodology for this task. Threats currently visible worldwide create pressure to prepare business continuity management plans even for cases of dramatic political change, natural disasters etc.

Lecture syllabus:
1. Risk definition, information materiality
2. Threats in informatics
3. Risk management methodology
4. Threats category and threats catalogue
5. Risk lifecycle - identification
6. Risk lifecycle - Threats identification in company
7. Risk lifecycle - Evaluation, mitigation
8. Risk lifecycle - mitigation, checking and risk register
9. Organization and risk/security management, (RACI)
10. Return of investment in informatics
11. Business Continuity Management
12. Archiving, legal requirements on informatics I
13. Archiving, legal requirements on informatics II

Seminar syllabus:

Literature:
ČSN BS 25999-1:2006 (February 2009)
BS 25999-2:2007
USA - Published by the National Fire Protection Association: NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.
International Organization for Standardization (ISO): ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management
Standards Australia: HB 292-2006: A practitioners guide to business continuity management
Standards Australia: HB 293-2006: Executive guide to business continuity management
Risk Management Standard, AS/NZS 4360:2004 has been superseded by AS/NZS ISO 31000:2009, Risk management - Principles and guidelines.
ISACA COBIT 4.1
ISO/IEC 27001: Information security management (ISO/IEC 17799 is the corresponding code of practice)
ISF 2010 methodology
ITIL ISO/IEC 20000-1:2005 Part 1: Specification. Defines the requirements for Service Management
ITIL ISO/IEC 20000-2:2005 Part 2: Code of practice. Provides guidance and recommendations on how to meet the requirements of Part 1
ITIL ISO/IEC 20000-3:2007 Part 3: Scope definition and applicability (not yet available)
ITIL ISO/IEC 20000-4:2007 Part 4: Service Management process reference model (not yet available)
ITIL BIP 0005: A Manager's Guide to Service Management
ITIL BIP 0015 IT Service Management: Self-assessment workbook (currently assessed against ITIL V2; to be revised through supplementary ITIL V3 publications).

Requirements:
No special prerequisites.

Course information and teaching materials can be found at https://courses.fit.cvut.cz/MI-RRI/

The course is also part of the following Study plans:
Study Plan | Study Branch/Specialization | Role | Recommended semester
MI-ZI.2016 | Knowledge Engineering | V | 2
MI-ZI.2018 | Knowledge Engineering | V | 2
MI-SP-TI.2016 | System Programming | V | 2
MI-SP-SP.2016 | System Programming | V | 2
MI-SPOL.2016 | Unspecified Branch/Specialisation of Study | V | 2
MI-WSI-WI.2016 | Web and Software Engineering | V | 2
MI-WSI-SI.2016 | Web and Software Engineering | V | 2
MI-WSI-ISM.2016 | Web and Software Engineering | V | 2
MI-NPVS.2016 | Design and Programming of Embedded Systems | V | 2
MI-PSS.2016 | Computer Systems and Networks | V | 2
MI-PB.2016 | Computer Security | V | 2
NI-TI.2018 | Computer Science | V | 2


Page updated 25. 4. 2024, semester: Z,L/2023-4, Z/2019-20, Z/2024-5, L/2022-3, Z/2020-1, Z,L/2021-2, L/2020-1, Z/2022-3, L/2019-20
Design and implementation: J. Novák, I. Halaška