Change management in information systems of critical information infrastructure

The aim of this diploma thesis is to analyse change management in information systems of critical information infrastructure (IS CII). IS CII are defined by the Law on cyber security (Law No. 181/2014 Coll.) and they include systems which have huge impact on the security of CZ and the whole EU. This year a new Regulation on cyber security (Regulation No. 82/2018 Coll.) has been adopted as a subsequent legal act to the Law on cyber security. The new Regulation imposes new commitments on the affected entities including an obligation to manage changes in IS. For the first time in history, organisations which run IS CII find themselves in a situation, in which change management is not an optional managerial decision anymore, but a legal obligation. When implementing IT processes, organisations are not doing so from scratch – they are using various standards, methodologies and frameworks, from which ITIL is the most common. Therefore, one of the objectives of this thesis is to design a change management process model which will be compliant with the requirements of the new Regulation and which will respect ITIL's best practices principles at the same time. Another objective is to compare this model with real change management in IS CII on an example of Visa Information System. Based on this activity, a list of recommendations will be made regarding how to improve change management in IS CII and which particularities it is necessary to take into consideration when defining the process.This topic was not yet elaborated by anyone and is very hot, given the fact that for IS CII which were determined before the new Regulation has entered into force (28th May 2018), the entry into force of the new Regulation is postponed until 28th May 2019. Therefore, the outcomes of this thesis might be beneficial for organisations which are now preparing for ensuring compliance with the requirements of the new Regulation on change management.