Risk Evaluation and Recovery Planning of Information Systems

Major: Cybersecurity
Code of subject: 6.125.04.E.163
Credits: 6.00
Department: Information Security
Lecturer: Ph.D., Associate Professor Prokopyshyn Ivan Anatoliyovych
Semester: 4
Mode of study: full-time
Learning outcomes: ZN 4.1. Solve the task of protecting programs and information processed in information and telecommunication systems by means of hardware and software, and evaluate the effectiveness and quality of the decisions made. ZN 4.4. Analyze and evaluate the effectiveness and level of security of resources of various classes in information and information-telecommunication (automated) systems during testing, in accordance with the established information and/or cyber security policy. ZN 4.7. Apply protection theories and methods to ensure the security of elements of information and telecommunication systems. ZN 4.8. Solve the tasks of managing the processes of restoring the regular functioning of information and telecommunication systems using backup procedures, in accordance with the established security policy. ZN 4.9. Solve the problems of ensuring the continuity of the organization's business processes on the basis of risk theory. ZN 4.10. Participate in the development and implementation of an information security and/or cyber security strategy in accordance with the goals and objectives of the organization.
Required prior and related subjects: Fundamentals of information and cyber security; Higher mathematics; Information security management; Methods and means of technical protection of information.
Summary of the subject: Basic concepts and principles of information security. Basic concepts of reliability theory, structural models of reliability of complex systems. Evaluating the reliability of hardware and software information security. The concept of risk. Risk analysis: assets, vulnerabilities, threats, protection. Qualitative and quantitative assessment of information risk. Stochastic risk modeling, methods of calculating risk indicators. Economic assessment of risk and efficiency of investments in conservative information protection systems. Business continuity and information security. Disaster recovery planning. Standards and best practices for business continuity management and recovery. Planning for disaster recovery of information systems.
Assessment methods and criteria: Oral questioning at lectures and practical classes – 10%, homework – 20%, semester test – 10%, exam – 60%, (50% – test, 10% – oral component)
Recommended books:
1. DSTU ISO/IEC 27005:2015. Information technology. Security techniques. Information security risk management.
2. DSTU ISO/IEC 31010:2013. Risk management. Risk assessment techniques.
3. DSTU EN ISO 22301:2017. Societal security – Business continuity management systems – Requirements.
4. Zabolotsky M.V., Prokopyshyn I.A. Fundamentals of financial mathematics: textbook. – Lviv: Ivan Franko National University of Lviv, 2016. – 144 p.
5. Korchenko O.G., Kazmirchuk S.V., Akhmetov B.B. Applied risk assessment systems. – Kyiv: CP "Comprint", 2017. – 435 p.
6. Romaka V.A., Korzh R.O., Garasym Yu.R. Management in the field of information protection: a textbook. – Lviv: ZUKC, 2013. – 462 p.
7. ISO 22301:2019. Security and resilience – Business continuity management systems – Requirements.
8. ISO 22316:2017. Security and resilience – Organizational resilience – Principles and attributes.
9. NIST Special Publication 800-84. Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. – NIST, 2006.