Theoretical Classes

Class 01 - 21/Feb

Course overview.
Concepts of "management system" and of "management framework" (reference to COBIT)


Class 02 - 28/Feb

Concepts of "governance of IT" and of "Management Systems Standards"

Case A - references for discussion:

  • MSS - Management Systems Standards
  • "Information technology audit" (IT audit)

Invited talk: Bruno Soares - ISACA Lisbon Chapter


Class 03 - 7/Mar

Revision of concepts of "IT auditing", "internal auditing", "external auditing", in relation to "Management Systems"

(BIA) Business IT Alignment.

On organisational Strategies (defender, prospector, analyzer, and reactor):

  • Miles and Snow's Organisational Strategies -
  • Business and IT Alignment; Answers and Remaining Questions -
  • Gartner - Two-Tier ERP Suite Strategy: Considering Your Options -

Case B - references for discussion:

Invited talk: Paulo Faroleiro (Bureau Veritas)


Class 04 - 14/Mar

Assessment (capability and maturity models) - core concepts
Process Capability. Maturity Assessment

Case C - references for discussion:
  • Maturity Models 101: A Primer for Applying Maturity Models to Smart Grid Security, Resilience, and Interoperability
  • ISO 33001 Information technology — Process assessment — Concepts and terminology
Invited Talk: Diogo Proença (INESC-ID, IST)

Class 05 - 21/Mar

Information Stakeholders and Lifecycle. Information Assurance; Information Security (InfoSec). Information Privacy; General Data Protection Regulation. Digital Forensics and e-Discovery. Certification for ISO 27001.

Extra references:


Case D: references for discussion:

  • Cobit 2019 Governance and Management Objectives: Chapter 3 and Chapter 4 - APO03 Managed Enterprise Architecture
  • Case: Define the users’ information stakeholders for Facebook information lifecycle for users’ information.

Invited talks:

  • Alberto Silva (IST, INESC-ID Data Protection Officer)
  • Rui Shantilal (Integrity -

Class 06 - 28/Mar

Risk management (ISO 31000). Enterprise Risk Management (COSO). Information Security, Information Systems, and Compliance. 

Case E - references for discussion:

  • concepts of “Data Retention”, “Records Management”, “Information Privacy”, “GRC” and “Regulatory Compliance”, “Information Security” 

PROJECT: assignment review...

Invited talk: the case of the INCM -

  • Rosa Tomás (CISO - Chief Information Security Officer)
  • Ricardo Vieira (CRO - Chief Risk Officer; CCO - Chief Compliance Officer)

Class 07 - 4/Apr

IS economics. IS planning. Project Management. Change Management. Resources Management.

Case F - references for discussion:

  • Cobit 2019 Governance and Management Objectives: Chapter 4 - APO04 Managed Innovation
  • Business Model Canvas (BMC)

Invited talks:

  • Tiago Cunha Oliveira (EY -


Class 08 - 11/Apr

(brief PROJECT - possible clarifications for 1st delivery, for 14 April deadline - no case for analysis this week)

Invited talks:

  • Mário Campos (Autoridade Tributária - General Subdirector for Information Systems)

IMPORTANT: presence in room A4 of this class adds 0,25/20 bonus to the final grade


Class XX - 18/Apr class (Easter break)


Class XX - 25/Apr class (25th April celebration day)


Class 09 - 02/May

Information management in the business context: the business ecosystem, business partners (supply chains and value chains), the "business of data"; data and machine learning; data and privacy. Data sharing; FAIR principles for scientific data.

Case G: references for discussion:

  • The concept of “Data Embassies” as defined by the government of Estonia.

Invited Talk:

IMPORTANT: presence in room in this class adds 0,25/20 bonus to the final grade

Class 10 - 09/May

Project support


Class 11 - 16/May

Acquiring information technology resources and capabilities. Agile projects. Team in start-ups, assembling freelancer teams, and organizations

Project feedback

Case H - references for discussion:

  • to be announced...


Class 12 - 23/May

Project Workshop


Class 13 - 30/May