Aantekeningen / Notes
-
IT in Control
(EBM191A05)
Lecturers: Semester 1B year 2022/2023
- Ing. R.G.J. (Jeroen) Kuper RE
Index
Lecture 1 – Strategy & Governance ........................................................................................................ 3
Introduction......................................................................................................................................... 3
Strategy ............................................................................................................................................... 4
Selig – Chapter 1 – Introduction to IT/Business Alignment, Planning, Execution and Governance 4
Selig – Chapter 3 – Business/IT Alignment, Strategic Planning and Portfolio Investment
Management Excellence (Demand Management).......................................................................... 8
Sabherwal, R.; Hirschheim, R.; Goles, T. (2001) – The Dynamics of Alignment, Insights from a
Puncuated Equilibrium Model ....................................................................................................... 11
Governance ....................................................................................................................................... 12
Selig – Chapter 2 – Overview of Integrated IT Governance and Management Framework and
Selection of current and emerging Best Practice Frameworks, Standards and Guidelines .......... 12
Selig – Chapter 6 – IT Service Management (ITSM) Excellence (Execution Management) ........... 16
Lecture 2 – Outsourcing & Cybercrime ................................................................................................. 18
Outsourcing ....................................................................................................................................... 18
Selig – Chapter 7 – Strategic Sourcing, Outsourcing and Vendor Management Excellence ......... 20
Selig – Chapter 9 – Cloud computing, Data Management and Governance Issues, Opportunities,
Considerations and Approaches.................................................................................................... 22
Cybercrime ........................................................................................................................................ 26
Romney & Steinbart – Chapter 8 – Fraud and Errors .................................................................... 26
Romney & Steinbart – Chapter 9 – Computer Fraud and Abuse Techniques ............................... 28
Lecture 3 – Security & privacy ............................................................................................................... 32
Security .............................................................................................................................................. 32
Romney & Steinbart – Chapter 10 – Control and Accounting Information Systems .................... 32
Romney & Steinbart – Chapter 11 – Controls for Information Security (IC basics) ...................... 34
Privacy ............................................................................................................................................... 37
Romney & Steinbart – Chapter 12 – Confidentiality and Privacy (IC Basics) ................................ 39
Romeny & Steinbart – Chapter 13 – Processing Integrity and Availability Controls (IC Basics).... 43
Lecture 4 – Project management .......................................................................................................... 45
Project management ......................................................................................................................... 45
1
, Blockchain ......................................................................................................................................... 50
Lecture 7 – Rehearsal ............................................................................................................................ 54
Strategy ............................................................................................................................................. 55
Governance ....................................................................................................................................... 56
Outsourcing ....................................................................................................................................... 58
Cybercrime ........................................................................................................................................ 58
Security .............................................................................................................................................. 59
Privacy ............................................................................................................................................... 59
Project management ......................................................................................................................... 60
2
,Lecture 1 – Strategy & Governance
Introduction
Course objectives
Upon completion of the course the student is able to:
- Recognize, distinguish and assess how organizations have organized their IT infrastructure, IT
applications, IT management and IT strategy domain on a strategic, tactical and operational
level (B);
- Identify and explain the effects of changes in the IT infrastructure, IT applications, IT
management and IT strategy, related to the reliability of financial reporting, the effectiveness
and efficiency of operations and compliance with relevant laws and regulations (A);
- Design a set of preventive and detective IT conrols to mitigate cyber risks and outsourcings
risk (cloud-computing), related to the reliability of financial reporting, the effectiveness and
efficiency of operations and compliance with relevant laws and regulations (B);
- Assess and advise about the reliability of automated information ©;
- Write a well-written and structured report about the findings of the assignment in a clear,
coherent and convincing manner and present orally about the findings of the assignment of a
professional audience.
Course description
- Strategy: Business IT Alignment, The Strategic Alignment Model (SAM) and the Amsterdam
Information Model (AIM), Demand- and Supply Management, the role of the CIO, Business
Information Manager and Business Analyst.
- Governance: Enterprise Governance of IT (COBIT) and other more tactital and operational
frameworks like BiSL, ASL and ITIL.
- Outsourcing: types of cyber threats (ransomware, cryptoware, CEO fraud, identity fraud,
man-in-the-middle) and designing preventive, detective and corrective IT controls for
mitigating these cyber risks.
- Security: securing data in motion (end-to-end encryption, SSL, HTTPS, VPN) and securing data
at rest (encryption, MFA, SSO), Cryptocurrencies like Bitcoin and FinTech developments like
Blockchain.
- Privacy: CIA triad or in Dutch ‘BIV-classificatie’, relevant laws and regulations like ‘Wetgeving
Meldplicht Datalekken’ and ‘Europese Algemene Verordening Gegevensbescherming’ (EAVG)
or General Data Protectoin Regulation (GDPR).
- Project Management: Waterfall (Prince), Agile/Scrum, DevOps, Governance in IT projects,
risk management, standards like ISO 310001 and COSO ERM.
Study
- Watch screencast
- Read papers
- Read topics in books
- Why is the framework relevant and how organisations use it?
On exam focus on the chapters in the screencast
Lecture 1 till 4 is about topics on exam
Lecture 5 and 6 presenting groups topics.
3
, Strategy
What is strategy? → long term vision/direction, you
set goals for future.
- Goals: it is about: What is a organization want
to be.
- The next question is HOW? But how is not in
the strategy.
Selig – Chapter 1 – Introduction to IT/Business
Alignment, Planning, Execution and Governance
IT strategic goal:
- 100% reliable and integrity system
- Everything in the cloud
You can outsource the system, the management of the system, the operation of the system. But you
cann’t outsource the strategy
Key Business drivers of change
How bigger, the harder to change
Enterprise Governance drivers all functional Governance
4
-
IT in Control
(EBM191A05)
Lecturers: Semester 1B year 2022/2023
- Ing. R.G.J. (Jeroen) Kuper RE
Index
Lecture 1 – Strategy & Governance ........................................................................................................ 3
Introduction......................................................................................................................................... 3
Strategy ............................................................................................................................................... 4
Selig – Chapter 1 – Introduction to IT/Business Alignment, Planning, Execution and Governance 4
Selig – Chapter 3 – Business/IT Alignment, Strategic Planning and Portfolio Investment
Management Excellence (Demand Management).......................................................................... 8
Sabherwal, R.; Hirschheim, R.; Goles, T. (2001) – The Dynamics of Alignment, Insights from a
Puncuated Equilibrium Model ....................................................................................................... 11
Governance ....................................................................................................................................... 12
Selig – Chapter 2 – Overview of Integrated IT Governance and Management Framework and
Selection of current and emerging Best Practice Frameworks, Standards and Guidelines .......... 12
Selig – Chapter 6 – IT Service Management (ITSM) Excellence (Execution Management) ........... 16
Lecture 2 – Outsourcing & Cybercrime ................................................................................................. 18
Outsourcing ....................................................................................................................................... 18
Selig – Chapter 7 – Strategic Sourcing, Outsourcing and Vendor Management Excellence ......... 20
Selig – Chapter 9 – Cloud computing, Data Management and Governance Issues, Opportunities,
Considerations and Approaches.................................................................................................... 22
Cybercrime ........................................................................................................................................ 26
Romney & Steinbart – Chapter 8 – Fraud and Errors .................................................................... 26
Romney & Steinbart – Chapter 9 – Computer Fraud and Abuse Techniques ............................... 28
Lecture 3 – Security & privacy ............................................................................................................... 32
Security .............................................................................................................................................. 32
Romney & Steinbart – Chapter 10 – Control and Accounting Information Systems .................... 32
Romney & Steinbart – Chapter 11 – Controls for Information Security (IC basics) ...................... 34
Privacy ............................................................................................................................................... 37
Romney & Steinbart – Chapter 12 – Confidentiality and Privacy (IC Basics) ................................ 39
Romeny & Steinbart – Chapter 13 – Processing Integrity and Availability Controls (IC Basics).... 43
Lecture 4 – Project management .......................................................................................................... 45
Project management ......................................................................................................................... 45
1
, Blockchain ......................................................................................................................................... 50
Lecture 7 – Rehearsal ............................................................................................................................ 54
Strategy ............................................................................................................................................. 55
Governance ....................................................................................................................................... 56
Outsourcing ....................................................................................................................................... 58
Cybercrime ........................................................................................................................................ 58
Security .............................................................................................................................................. 59
Privacy ............................................................................................................................................... 59
Project management ......................................................................................................................... 60
2
,Lecture 1 – Strategy & Governance
Introduction
Course objectives
Upon completion of the course the student is able to:
- Recognize, distinguish and assess how organizations have organized their IT infrastructure, IT
applications, IT management and IT strategy domain on a strategic, tactical and operational
level (B);
- Identify and explain the effects of changes in the IT infrastructure, IT applications, IT
management and IT strategy, related to the reliability of financial reporting, the effectiveness
and efficiency of operations and compliance with relevant laws and regulations (A);
- Design a set of preventive and detective IT conrols to mitigate cyber risks and outsourcings
risk (cloud-computing), related to the reliability of financial reporting, the effectiveness and
efficiency of operations and compliance with relevant laws and regulations (B);
- Assess and advise about the reliability of automated information ©;
- Write a well-written and structured report about the findings of the assignment in a clear,
coherent and convincing manner and present orally about the findings of the assignment of a
professional audience.
Course description
- Strategy: Business IT Alignment, The Strategic Alignment Model (SAM) and the Amsterdam
Information Model (AIM), Demand- and Supply Management, the role of the CIO, Business
Information Manager and Business Analyst.
- Governance: Enterprise Governance of IT (COBIT) and other more tactital and operational
frameworks like BiSL, ASL and ITIL.
- Outsourcing: types of cyber threats (ransomware, cryptoware, CEO fraud, identity fraud,
man-in-the-middle) and designing preventive, detective and corrective IT controls for
mitigating these cyber risks.
- Security: securing data in motion (end-to-end encryption, SSL, HTTPS, VPN) and securing data
at rest (encryption, MFA, SSO), Cryptocurrencies like Bitcoin and FinTech developments like
Blockchain.
- Privacy: CIA triad or in Dutch ‘BIV-classificatie’, relevant laws and regulations like ‘Wetgeving
Meldplicht Datalekken’ and ‘Europese Algemene Verordening Gegevensbescherming’ (EAVG)
or General Data Protectoin Regulation (GDPR).
- Project Management: Waterfall (Prince), Agile/Scrum, DevOps, Governance in IT projects,
risk management, standards like ISO 310001 and COSO ERM.
Study
- Watch screencast
- Read papers
- Read topics in books
- Why is the framework relevant and how organisations use it?
On exam focus on the chapters in the screencast
Lecture 1 till 4 is about topics on exam
Lecture 5 and 6 presenting groups topics.
3
, Strategy
What is strategy? → long term vision/direction, you
set goals for future.
- Goals: it is about: What is a organization want
to be.
- The next question is HOW? But how is not in
the strategy.
Selig – Chapter 1 – Introduction to IT/Business
Alignment, Planning, Execution and Governance
IT strategic goal:
- 100% reliable and integrity system
- Everything in the cloud
You can outsource the system, the management of the system, the operation of the system. But you
cann’t outsource the strategy
Key Business drivers of change
How bigger, the harder to change
Enterprise Governance drivers all functional Governance
4
