IT Risk Management
Course code
old course code
Course title in Estonian
IT riskijuhtimine
Course title in English
IT Risk Management
ECTS credits
Assessment form
lecturer of 2021/2022 Spring semester
lecturer not assigned
lecturer of 2022/2023 Autumn semester
lecturer not assigned
Course aims
According to the professional standard for a head of IT, the basic skills and knowledge include advanced knowledge of information security principles. The course aims to provide an overview of IT risk management based on internationally recognized standards and best practices, and to demonstrate how to apply them in practice. It also helps to explain the activities of IT risk management as a continuous process, the purpose of the process, and the need to connect IT risk management with other activities, including strategic management, IT governance and information security management.
Brief description of the course
The IT risk management course highlights the standards and good practices in the field, and the relationships with other information security management systems (ISMS - Information Security Management Systems). The course starts with an explanation of the ISO 27005 standard for IT risk management and continues with an analysis of organizational processes and IT risk management activities. The specific IT risk management activities include risk monitoring, risk-based pricing and pricing of security measures, monitoring of IT processes, and information security incident management, concluding with log analysis and evidence handling. Additional topics are reflected in controls monitoring, IT service agreements (SLA) management, risk communication, security training and documentation. During the course, the need for more general risk management and the basic principles of risk-based auditing are explained.
During the lectures, practical cases are analyzed through risk scenarios.
Learning outcomes in the course
Upon completing the course the student:
- is able to assess an organization's IT risks, develop and implement risk management activities, and analyze the impact of management activities.
Hillar Põldmaa
Additional information
To receive a pass, the student must prepare an independent paper that meets the requirements and defend it at a seminar. The risks presented at the defence are relevant and justified. The measures proposed to reduce the risks correspond to the nature of the risk. The defence of the paper is well thought out and prepared. At the defence, the student gives a good overview of their work.