Module description

IT-Management, Governance and Information Security

Code:
M_mare.ITME
Language of instruction:
German
ECTS credits:
6
Workload (h):
180
Guiding idea:

One of the main tasks of business IT specialists in practice is to design and optimize the interface between the business and IT spheres: today, IT must make its value contribution to the company's success measurable and comprehensible. It also has to comply with an increasing number of regulatory requirements, ensure information security and data protection and play a part in establishing compliance in other areas of the company. In order to fulfill these tasks, various process-oriented frameworks have been developed in recent years for IT governance, IT compliance and information security management, IT (service) management and business continuity management. These support the permanent alignment of IT with tactical and strategic corporate goals while at the same time minimizing all IT risks (including legal risks). The modern training of business IT specialists therefore includes teaching the relevant methods, concepts and standards. Business IT specialists thus also acquire important technical and methodological knowledge for the management of IT and organizational areas.

Module coordinator:
Prof. Dr. Thiel Christian
Lecturers:
Prof. Dr. Thiel Christian
Location (offered):
St. Gallen (Standard)
Additional entry competencies:

INMA

Module type:
Compulsory elective module for Management & Recht BB STD_23 (recommended semester: 5 | Level A: Advanced level course). Categories: specialization modules (VT_Mod_WI), compulsory elective modules (WP_Mod_WI)
Compulsory elective module for Management & Recht VZ STD_23 (recommended semester: 5 | Level A: Advanced level course). Categories: specialization modules (VT_Mod_WI), compulsory elective modules (WP_Mod_WI)
Remarks:

Workload[h]

Contact hours: 56

Guided self-study: 42

Independent self-study: 82

Module assessment:
Grade from 1 to 6

Assessments and their weighting

Final module examination:
Written examination, 120 minutes
Remarks on the examination:

Aids: Open book: any printed documents including slides and graphics are permitted, no textbooks

During the teaching phase:
Type of assessment:
Grade from 1 to 6

Contents

Intended learning outcomes (final competencies):

Professional competencies:

The participants can:

  • Understand information systems as a strategic competitive instrument;
  • Use selected reference models according to their area of application (IT governance, IT service management,
    IT compliance management, IT risk management and information security management as well as
    business continuity management);
  • Understand and help shape interface processes between IT and business;
  • Design IT (service) processes;
  • Assess current threats to information security and analyze and manage the corresponding risks;
  • Design an information security management system in accordance with ISO 27001 or BSI basic protection;
  • Understand, explain and support the IT audit process.

 

Methodological skills:

The participants can:

  • Understand the possible uses and potential of reference models for managing IT;
  • formulate and record requirements for IT compliance, information security and business continuity;
  • understand the relevant management disciplines as continuous processes;
  • understand the interplay between business strategy, organization, technical components and, above all,
    human capabilities - and weaknesses where applicable;
  • plan and prepare simple IT audits.

 

Self-competencies:
Participants can:

  • work on complex topics independently using the information resources available.


Social skills:

Participants can:

  • understand information management as an essential instrument of corporate management and
    involve the relevant stakeholders in a targeted manner;
  • communicate with departments such as internal audit, controlling, consultants on IT compliance, IT risk management,
    information security, etc. in their own language;
  • demonstrate expressiveness in terms of rhetoric and presentation skills;
  • Recognize conflicts in teamwork and contribute constructively to solutions.
Module and learning content:

Topic/learning block I: Introduction and overview

  • IT management, IT governance, IT compliance management, risk management, information security, Business continuity (definition, delimitation, objectives, tasks);
  • Objectives and benefits of reference models in general;
  • Overview of IT governance reference models (e.g. ITIL, COBIT, ISO 2700x, ...);
  • Objectives, scope and benefits of specific reference models

 

Topic/learning block II: Information security management

  • Differentiation between information security, IT security, computer security and network security;
  • Basics of information security management;
  • Components and structure of an information security management system (ISMS)
  • IT risk analysis
  • Overview of standards and frameworks: BSI basic protection, ISO/IEC 27001 and following

 

Topic/learning block III: Business Continuity Management (BCM)

  • Basics of business continuity management and resilience
  • Roles and tasks
  • Business continuity management systems (BCMS)
  • BCM strategies
  • Overview of standards and frameworks

 

Topic/learning block IV: IT compliance management

  • Important laws and regulations in the IT sector
  • Fundamentals of auditing and IT auditing;
  • Auditing standards and procedure models for system and application audits as part of
    audits of annual financial statements

 

Topic/learning block V: COBIT

  • Overview COBIT - A Control Framework for IT
  • COBIT 2019 - 6 principles
  • Enabler categories
  • COBIT 2019 - Process reference model
  • COBIT 2019 - Process Enabler Model
  • Application examples

 

Topic/learning block VI: ITIL and IT Service Management (ITSM)

  • IT service lifecycle
  • Selected IT service processes
  • Service Level Management (SLM)
  • Comparison of ITIL v3 and v4
  • Application examples

 

Topic/learning block VII: Agile IT delivery

  • Origin and benefits of DevOps
  • Basic principles and the core concept
  • Core elements of DevOps
  • Processes and the link to ITSM
  • Automation and continuous delivery
  • Security & compliance
Teaching and learning methods:

Dialogue-oriented teaching with integrated case studies and exercises, guest lectures from the business world, excursion

Teaching aids/materials:

Compulsory literature:

  • Teaching materials (slides) and case studies on Moodle and Miroboard
  • Supplementary specialist articles and reference models according to the reader on Moodle

 

Further literature:

  • Gene Kim, Kevin Behr, George Spafford, Projekt Phoenix: Der Roman über IT und DevOps –
    Neue Erfolgsstrategien für Ihre Firma
  • Markus Gaulke, Praxiswissen COBIT, dpunkt.verlag GmbH; 3rd, updated and revised edition (5 Dec.
    2019), ISBN-10: 3864906997, ISBN-13: 978-3864906992
  • COBIT 2019 Framework: Governance and Management Objectives, ISACA (14 Nov.
    2018), ISBN-10: 1604207280, ISBN-13: 978-1604207286