Semester 2 / ECTS Credits: 6 ECTS

Course Description:

The main objective of this course is to give a short and focused introduction to Risk and Incident Management, with particular emphasis on Cybersecurity.

Students will gain comprehensive knowledge of the topics covered, including the underlying theories, concepts, and practices.

Throughout this course, Risk Assessment procedures will be discussed, with real-world examples and tips on how to assess assets, threats, and vulnerabilities. The student will learn about the most important information security risk management methods and standards and become familiar with the Information Security Management System development process.

The course will also cover Qualitative and Quantitative Risk Measurements, showing the advantages and disadvantages of the different methods and enabling students to use qualitative and quantitative risk measurement techniques.

Students will also gain knowledge about policies, plans, and procedures related to incident response, with an emphasis on NIST Incident Handling Recommendations.

Students will gain knowledge about Information Security Normative Acts and the relationship between the information management security system and regulatory provisions related to risk management.

Practical skills in risk assessment and incident handling procedures will be gained by working on real-life scenarios / case studies during 20 h of lab work.

Learning Outcomes:

  1. Organize the implementation and maintenance of an information security risk management program.
  2. Present best practices in information security risk management.
  3. Analyze concepts, approaches, standards, methods, and techniques for effective risk management.
  4. Analyze the relationship between the information management security system, its security controls, and legal / regulatory provisions related to risk management.
  5. Apply risk assessment in accordance with the risk management process within the organization.
  6. Determine how cyber security incidents should be identified and handled within the organization.

Course content lectures:

  1. Risk management concepts, terms and definitions
  2. Risk assessment process overview
  3. Context Establishment – Defining system characteristics, goals and objectives of the risk assessment
  4. Risk identification – Identifying threats, vulnerabilities and incidents
  5. Risk analysis
  6. Risk evaluation
  7. Risk treatment
  8. Monitoring and review of risk assessment
  9. Cybersecurity and Cyber-risk Management
  10. Cyber-risk assessment process overview
  11. Information security risk management methods (CRAMM, COBRA, RuSecure, OCTAVE)
  12. Information security management ISO standards
  13. Information security management system (ISMS)
  14. Scales and measures of the information security
  15. Information Security Normative Acts of the Republic of Croatia
  16. HANFA guidelines for proper risk management of information systems
  17. Information and cyber security incidents and incident response procedures