Planning
Lectures
Class 01 - 21/Feb
Course overview.
Concepts of "management system" and of "management framework" (reference to COBIT)
Class 02 - 28/Feb
Concepts of "governance of IT" and of "Management Systems Standards"
Case A - references for discussion:
- MSS - Management Systems Standards
- https://www.iso.org/management-system-standards.html
- https://www.iso.org/management-system-standards-list.html
- https://www.iso.org/certification.html
- https://www.iso.org/news/ref2228.htm
- "Information technology audit" (IT audit)
- https://en.wikipedia.org/wiki/Information_technology_audit
- https://www2.deloitte.com/mt/en/pages/risk/articles/mt-risk-article-it-auditing-process.html
- https://www.isaca.org/Journal/archives/2014/Volume-6/Pages/The-Core-of-IT-Auditing.aspx
Invited talk: Bruno Soares - ISACA Lisbon Chapter
-------------------------------------------------------------------------
Class 03 - 7/Mar
Revision of concepts of "IT auditing", "internal auditing", "external auditing", in relation to "Management Systems"
(BIA) Business IT Alignment.
On organisational Strategies (defender, prospector, analyzer, and reactor):
- Miles and Snow's Organisational Strategies - http://www.free-management-ebooks.com/news/miles-and-snows-organizational-strategies/
- Business and IT Alignment; Answers and Remaining Questions - http://www.pacis-net.org/file/2009/can%20be%20deleted/PACIS2009_092.pdf
- Gartner - Two-Tier ERP Suite Strategy: Considering Your Options - https://1pdf.net/gartner-two-tier-erp-suite-strategy-considering-your-options-nigel-montgomery-re_59babb58f6065d6853e5d426
- https://resources.infosecinstitute.com/it-auditing-and-controls-an-overview/
- https://resources.infosecinstitute.com/it-audit-introduction/
- https://resources.infosecinstitute.com/itac-planning
- https://resources.infosecinstitute.com/itac-organizations
- https://resources.infosecinstitute.com/itac-governance
Invited talk: Paulo Faroleiro (Bureau Veritas)
-------------------------------------------------------------------------
Class 04 - 14/Mar
Assessment (capability and maturity models) - core concepts
Process Capability. Maturity Assessment
- Maturity Models 101: A Primer for Applying Maturity Models to Smart Grid Security, Resilience, and Interoperability
- ISO 33001 Information technology — Process assessment — Concepts and terminology
Class 05 - 21/Mar
Information Stakeholders and Lifecycle. Information Assurance; Information Security (InfoSec). Information Privacy; General Data Protection Regulation. Digital Forensics and e-Discovery. Certification for ISO 27001.
Extra references:
- https://ec.europa.eu/info/law/law-topic/data-protection_en
- https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf
- https://www.cookiebot.com/en/gdpr/
Case D: references for discussion:
- Cobit 2019 Governance and Management Objectives: Chapter 3 and Chapter 4 - APO03 Managed Enterprise Architecture
- Case: Define the users’ information stakeholders for Facebook information lifecycle for users’ information.
Invited talks:
- Alberto Silva (IST, INESC-ID Data Protection Officer)
- Rui Shantilal (Integrity - https://integrity.pt)
Class 06 - 28/Mar
Risk management (ISO 31000). Enterprise Risk Management (COSO). Information Security, Information Systems, and Compliance.
Case E - references for discussion:
- concepts of “Data Retention”, “Records Management”, “Information Privacy”, “GRC” and “Regulatory Compliance”, “Information Security”
PROJECT: assignment review...
Invited talk: the case of the INCM - https://www.incm.pt
- Rosa Tomás (CISO - Chief Information Security Officer)
- Ricardo Vieira (CRO - Chief Risk Officer; CCO - Chief Compliance Officer)
Class 07 - 4/Apr
IS economics. IS planning. Project Management. Change Management. Resources Management.
Case F - references for discussion:
- Cobit 2019 Governance and Management Objectives: Chapter 4 - APO04 Managed Innovation
- Business Model Canvas (BMC)
Invited talks:
- Tiago Cunha Oliveira (EY - https://www.ey.com)
-------------------------------------------------------------------------
Class 08 - 11/Apr
(brief PROJECT - possible clarifications for 1st delivery, for 14 April deadline - no case for analysis this week)
Invited talks:
- Mário Campos (Autoridade Tributária - General Subdirector for Information Systems)
IMPORTANT: presence in room A4 of this class adds 0,25/20 bonus to the final grade
-------------------------------------------------------------------------
Class XX - 18/Apr
...no class (Easter break)
-------------------------------------------------------------------------
Class XX - 25/Apr
...no class (25th April celebration day)
-------------------------------------------------------------------------
Class 09 - 02/May
Information management in the business context: the business ecosystem, business partners (supply chains and value chains), the "business of data"; data and machine learning; data and privacy. Data sharing; FAIR principles for scientific data.
Case G: references for discussion:
- The concept of “Data Embassies” as defined by the government of Estonia.
Invited Talk:
- Gonçalo Antunes (CTO and CCO at Heartgenetics - https://www.heartgenetics.com)
- Lino Santos (National Center for Cybersecurity)
-------------------------------------------------------------------------
Class 10 - 09/May
Project support
-------------------------------------------------------------------------
Class 11 - 16/May
Acquiring information technology resources and capabilities. Agile projects. Team in start-ups, assembling freelancer teams, and organizations
Project feedback
Case H - references for discussion:
- ...to be announced...
-------------------------------------------------------------------------
Class 12 - 23/May
Project Workshop
Class 13 - 30/May
FINAL CASE (INDIVIDUAL)