Continuity Management, Preparedness, and Risk Management (5 cr)

Evaluation scale

H-5

Content scheduling

TOPICS
• Fundamentals of Preparedness and Business Continuity
• Identification, Assessment, and Analysis of Risks
• Preparedness, Recovery, and Resilience
• Business Impact Analysis
• Business Continuity Planning
• Information Security and Preparedness of Information Systems
• Training and Testing
• Business Continuity Standards and Frameworks
• Reporting

OUTCOMES
By the end of the course, the student will be able to:
• Explain the concepts of preparedness and business continuity.
• Recognize the importance of preparedness in various types of organizations and industries.
• Differentiate between preparedness, recovery, and resilience.
• Identify potential risks and threats within an organization.
• Understand the fundamentals of risk analysis and various risk assessment methods.
• Create a business impact analysis process.
• Develop business continuity, recovery, and resilience plans.
• Comprehend the significance of prioritization in maintaining operational capability during crisis situations.
• Plan business-oriented continuity strategies to minimize disruptions during incidents.
• Describe crisis management protocols and the creation of crisis management plans.
• Guide effective communication and decision-making during crisis situations.
• Analyze information security threats and their relevance to preparedness.
• Be capable of planning and executing preparedness and business continuity exercises and tests for organizations.
• Evaluate and test plan effectiveness under various scenarios.
• Understand the influence of stakeholders and partners on the organization's operational continuity.
• Recognize the importance of reporting in business continuity planning as part of information and cyber security management.

SUMMARY
This course provides a comprehensive overview of concepts, methods, and practical exercises in information and cyber security's business continuity, preparedness, and risk management. Students will learn how to strategize operations during disruptive situations, plan and document recovery and resilience measures, and understand the importance of internal and external crisis communication in maintaining operational continuity. The course equips students to identify factors jeopardizing organizational

Objective

By the end of the course, the student will be able to:
• Explain the concepts of preparedness and business continuity.
• Recognize the importance of preparedness in various types of organizations and industries.
• Differentiate between preparedness, recovery, and resilience.
• Identify potential risks and threats within an organization.
• Understand the fundamentals of risk analysis and various risk assessment methods.
• Create a business impact analysis process.
• Develop business continuity, recovery, and resilience plans.
• Comprehend the significance of prioritization in maintaining operational capability during crisis situations.
• Plan business-oriented continuity strategies to minimize disruptions during incidents.
• Describe crisis management protocols and the creation of crisis management plans.
• Guide effective communication and decision-making during crisis situations.
• Analyze information security threats and their relevance to preparedness.
• Be capable of planning and executing preparedness and business continuity exercises and tests for organizations.
• Evaluate and test plan effectiveness under various scenarios.
• Understand the influence of stakeholders and partners on the organization's operational continuity.
• Recognize the importance of reporting in business continuity planning as part of information and cyber security management.

SUMMARY
This course provides a comprehensive overview of concepts, methods, and practical exercises in information and cyber security's business continuity, preparedness, and risk management. Students will learn how to strategize operations during disruptive situations, plan and document recovery and resilience measures, and understand the importance of internal and external crisis communication in maintaining operational continuity. The course equips students to identify factors jeopardizing organizational operations and their potential consequences and teaches them to evaluate measures reducing the impact and duration of adverse events. Moreover, the course offers insights into necessary resources for recovery and resilience situations.

Content

• Fundamentals of Preparedness and Business Continuity
• Identification, Assessment, and Analysis of Risks
• Preparedness, Recovery, and Resilience
• Business Impact Analysis
• Business Continuity Planning
• Information Security and Preparedness of Information Systems
• Training and Testing
• Business Continuity Standards and Frameworks
• Reporting

Materials

The learning environment used is the It’s Learning platform provided by Turku University of Applied Sciences. All course materials and remote assignments are distributed through the platform. Any peer assessments will also be conducted within the system.

Teaching methods

The course consists of on-site lectures, group work, case analyses, exercises, and remote tasks, where students have the opportunity to apply what they have learned in practice. At the end of the course, students will be able to design, implement, and maintain effective business continuity and preparedness practices within their organization.

Pedagogic approaches and sustainable development

The teaching consists of in-person sessions and remote periods during which students complete either individual or group tasks. The pedagogical framework is based on problem-based and work-life-oriented teaching

Completion alternatives

-

Student workload

The course is 5 ECTS course (135h)

Evaluation methods and criteria

The course performance is assessed through individual and group assignments completed between on-site sessions. The assignments are essay-based and may include peer assessment. The key focus of the assignments is to critically reflect on the organization's current state and evaluate potential areas for improvement.

The submitted tasks are assessed on a scale of 0-5.
The grade is the average of the task submissions.
Unsubmitted tasks lower the grade.
If less than 50% of tasks are submitted, the grade is failed.

Failed (0)

The student has not participated in on-site teaching or group work. The required written assignments are incomplete, and/or the student's skills are seriously lacking.

Assessment criteria, satisfactory (1-2)

The student has participated poorly in on-site teaching and group tasks. Based on the written assignments to be assessed, the student has difficulty understanding the basics of business continuity management and preparedness.

Assessment criteria, good (3-4)

The student has actively participated in in-person sessions, as well as in group tasks and discussions. The student is able to apply what they have learned to their own work tasks or work environment. The student is capable of comprehensively and critically evaluating what they have learned through the tasks from the perspective of business and their own organization.

Assessment criteria, excellent (5)

The student's thinking is independent and broad. The student is able to understand business continuity management and preparedness in the context of business. The student has produced commendable written work, demonstrating the ability to apply what they have learned to the needs of different organizations. The student shows diverse and creative thinking, as well as a comprehensive understanding of the significance of business continuity management and preparedness for the continuity of the organization's operations.

Further information

The It’s Learning platform used by Turku University of Applied Sciences serves as the communication channel for the course.