University of Belgrade, Faculty of Organizational Sciences

Department for e-business

Risk management and cybersecurity

Study program: E-business
Teachers: Marijana Despotović-Zrakić, Vladimir Obradović
Course status: Elective
Semester: 1
ECTS: 6

Course content

Theoretical classes

Basics of the GRC discipline (Governance, Risk management and Compliance – GRC). GRC framework. Financial, IT and legal GRC. GRC data warehousing and business intelligence. SAP GRC risk management. The concept of risk. Types of risk: gambling risks, company risks, financial risks, strategic risks, operational risks, IT risks. Basics of enterprise risk management (ERM). ERM frameworks and principles. COBIT 5 framework for IT governance and risk management. ITIL framework for IT service management. COSO ERM framework. NIST ERM framework. Human, legal and ethical issues of risk management. ISO risk management standards: the ISO 31000 risk management framework and the ISO/IEC 27000 series of information security management standards. Design and implementation of risk management systems in business operations. IT audit. E-business continuity management. Analysis of risk impact on e-business. E-business continuity plan, ISO 22301 standard. Cyber risk management. Types of cyber risk. Cyber security maturity levels. BSD cyber risk management framework. Cyber security lifecycle and its phases: cyber security assessment, secure configuration and design, monitoring and surveillance, secure hardware and software, incident preparedness. Cyber risk insurance. Incident management plan. Security management in the cloud environment. Secure IT infrastructure design: zero trust architecture, blockchain.

Practical classes

Analysis of tools and platforms for project and risk management: MS Project, Jira, Trello, OpenProject. Risk identification and analysis in e-business projects. Development of a risk management plan. Creating a company knowledge base on risks. Introduction of information security management standards. Development, implementation and evaluation of a business continuity management plan. Development, implementation and evaluation of an incident management plan. Planning and conducting internal and external IT audits, writing an audit report. Analysis of cyber attack techniques. An overview of methods for protection against cyber attacks. Solving case studies.

The aim of the course

The aim of the course is to acquaint students with existing methodologies, frameworks, techniques and standards for risk assessment and management in e-business.

Outcome of the course

Students are trained in the application of modern methods, techniques, frameworks and standards for risk management in e-business, as well as methods and techniques for managing cyber security in a cloud environment.

Literature

1. B. Radenković, M. Despotović-Zrakić, Z. Bogdanović, D. Barać, A. Labus, Electronic business, ISBN 978-86-7680-304-0; Faculty of Organizational Sciences, Belgrade, 2015
2. Labus, M., Despotović-Zrakić, M., Bogdanović, Z., Barać, D., Popović, S.: Adaptive E-Business Continuity Management: Evidence from the Financial Sector. Computer Science and Information Systems, 2020
3. Labus M., Despotović-Zrakić M., Bogdanović Z. (2017). Introducing Adaptive E-Business Continuity Management. In: Rocha Á., Correia A., Adeli H., Reis L., Costanzo S. (eds) Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing, vol 569. Springer, Cham.
4. Raymond Pompon, IT Security Risk Control Management: An Audit Preparation Plan, Apress, 2016. ISBN: 1484221397
5. De Haes, S., Van Grembergen, W., Joshi, A., & Huygh, T. (2020). Enterprise Governance of IT, Alignment, and Value. In Enterprise Governance of Information Technology (pp. 1-13). Springer, Cham.
6. IT Governance Privacy Team, (2017). EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, ITGP; Second edition, ISBN13: 9781787781924.
7. Materials in electronic form, from the e-learning portal www.moodle.elab.fon.bg.ac.rs.