IT Risk Management
Course code
IFI7085.DT
old course code
IFI7085
Course title in Estonian
IT riskijuhtimine
Course title in English
IT Risk Management
ECTS credits
4.0
Assessment form
assessment
lecturer of 2023/2024 Spring semester
Not opened for teaching. Click the study programme link below to see the nominal division schedule.
lecturer of 2024/2025 Autumn semester
Not opened for teaching. Click the study programme link below to see the nominal division schedule.
Course aims
According to the professional standard for head of IT, part of basic skills and knowledge include advanced knowledge of information security principles. The course aims to provide an overview of the IT risk management based on internationally recognized standards and best practices, and demonstrate how to apply them in practice. It also helps to explain the activities of IT risk management as a continuous process, the purpose of process and the need for connecting IT risk management with other activities, including strategic management, IT governance and information security management.
Brief description of the course
IT risk management course highlights the standards and good practices in field, and relationships with other information security management systems (ISMS - Information Security Management Systems). Course starts with explanation of ISO 27005 standard for IT risk management and continues with analysis of organizational processes and IT risk management activities. The specific IT risk management activities include risk monitoring, risk-based pricing and pricing of security measures, monitoring of IT processes, information security incident management concluding with log analysis and evidence handling. Additional topics are reflected in controls monitoring, IT service agreements (SLA) management, risk communication, security training and documentation. During the cours the need for a more general risk management is expalined and the basic principles of risk-based auditing are explained.
During the lectures, practical cases are analyzed through risk scenarios.
During the lectures, practical cases are analyzed through risk scenarios.
Learning outcomes in the course
Upon completing the course the student:
- is able to assess organization's IT risks, develop and implement a risk management activities and to analyze the impact of management activities.
- is able to assess organization's IT risks, develop and implement a risk management activities and to analyze the impact of management activities.
Teacher
Hillar Põldmaa
Additional information
Arvestuse saamiseks on vaja koostada nõuetele vastav iseseisev töö ning kaitsta seda seminaril. Kaitsmisel välja toodud riskid on aktuaalsed ja põhjendatud. Riskide vähendamiseks pakutud meetmed vastavad riski olemusele. Töö kaitsmine on läbimõeldud ja ettevalmistatud. Üliõpilane esitab kaitsmisel hea ülevaate oma tööst.
Study programmes containing that course
Information Science (INITM/19.DT)
Management of Information Technology (IFITM/18.DT)
Information Science (INITM/18.DT)
Information Science (INITM/17.DT)
Management of Information Technology (IFITM/17.DT)
Information Science (INITM/16.DT)
Management of Information Technology (IFITM/16.DT)
Management of Information Technology (IFITM/15.DT)
Management of Information Technology (IFITM/14.DT)
Management of Information Technology (IFITM/18.DT)
Information Science (INITM/18.DT)
Information Science (INITM/17.DT)
Management of Information Technology (IFITM/17.DT)
Information Science (INITM/16.DT)
Management of Information Technology (IFITM/16.DT)
Management of Information Technology (IFITM/15.DT)
Management of Information Technology (IFITM/14.DT)