Code

ΠΔ-370

Semester

2nd

ECTS

7,5

E-Services

Lefkippos

Category

Obligatory

Instructors

Α. Prentza

Objective

Digital systems risk management and digital technology service level contracts are major challenges for businesses and organizations as well as important research fields. The systematic study, analysis, evaluation, response, management, and monitoring of risks as well as the conclusion of effective service level agreements are important elements for the effective and successful development and operation of digital systems.

This course aims to make students competent in the application of methodologies and practices regarding the management of digital technology risks in organizations. It also aims to make students competent in the application of rules and practices of conclusion and implementation of service level agreements to the successful development and operation of digital systems. Thus, students will acquire all the necessary knowledge to critically analyse business situations and problems related to risk management and digital systems service contracts.

After successfully completing the course, students will be able to:

  • apply best risk management methodologies in the application of digital technologies
  • analyze business situations and problems in terms of risk management in the digital systems service level agreement
  • evaluate risk management practices in the use of technologies and digital systems

Learning outcomes

  • Search for, analysis and synthesis of data and information, with the use of the necessary technology
  • Adapting to new situations
  • Decision-making
  • Team work
  • Working in an interdisciplinary environment
  • Project planning and management
  • Criticism and self-criticism
  • Production of free, creative and inductive thinking

Syllabus

  • Risk Management (RM)

    Definitions, importance of IS for the organization, types and structure of risks, areas of application of IS, IS of Digital Systems and Services (ISS), key components of ISS risks, threats, weaknesses and impact, risk identification techniques, risk management strategies, IS methodology – key stages life cycle, examples.

  • Threats, Vulnerabilities and Opportunities

    Understanding and managing threats, vulnerabilities and opportunities, initiatives, standards and best practices, examples – exercises.

  • Identification and Analysis of Risks

    Definition of resources and activities to be protected, risk identification: risk identification techniques, risk classification, risk register, Risk Analysis: qualitative, quantitative, semi-quantitative analysis, expected value, decision trees, Monte Carlo modeling-simulation, sensitivity analysis, Case study, examples – exercises.

  • Risk Assessment

    Definition, elements of risk assessment, types of assessment, assessment challenges, best practices, choice of risk assessment methodology, identification of risk assessment resources and activities, examples-exercises.

  • Risk Management Plans and Strategies

    Coping plans, avoidance, transfer, responsibility sharing, reduction-mitigation, acceptance, enhancement, exploitation, examples-exercises.

  • Creating a Digital Technology Risk Management Plan

    Purpose, objectives, responsibilities, procedures, scheduling, Gantt Charts, Critical Path, examples-exercises.

  • Information Security Risk Analysis and Management

    Risk analysis and management methodology according to ISO/IEC 27005 (2011), threats, vulnerabilities, valuation of information system goods, risk analysis and management methods (CRAMM, OCTAVE, SBA Scenario).

  • Risk analysis case study

    The CRAMM risk analysis and management method in detail, software tool demonstration and case study presentation.

  • Information security as a digital technology success factor

    User resistance, acceptance of security policies, security requirements and acceptance of information systems and digital services.

  • Practical application of risk management using software

    Software tutorials, lab exercises and examples.

  • Service contracts

    Definition, structure of service contracts, international initiatives and best practices, drawing up service contracts, examples-exercises.

  • Service contracts in practice

    Practical application of creating and managing a contract for the provision of digital technology services.

Bibliography

  • Gibson Darril, 2008, “Managing Risk in Information Systems”, Jones and Bartlett Learning, USA
  • Θεμιστοκλέους Μαρίνος, Λαβδιώτη Μαρία, «Διαχείριση Κινδύνων», Αυτοέκδοση, 2016
  • Κάτσικας Σ. (2014), Διαχείριση Ασφάλειας Πληροφοριών, Εκδόσεις Πεδίο