Course - Introduction to Information Security Management - IMT4115
IMT4115 - Introduction to Information Security Management
About
Examination arrangement
Examination arrangement: Aggregate score
Grade: Letter grades
| Evaluation | Weighting | Duration | Grade deviation | Examination aids |
|---|---|---|---|---|
| Assignment/term-paper | 49/100 | |||
| Home examination | 51/100 | 3 hours |
Course content
- Introduction to Information security strategy and policy management
- Cultural, organizational and behavioral theories used in information security management organizations.
- Legal and ethical aspects of information security and privacy management.
- Overview of current information security management standards and practices
- How to develop a security program
- Introduction to assessing and treating risk: Threat and vulnerability modelling
- Management models and management practices
- Contingencies and maintenance of Information security
- Information security planning and incident management
Learning outcome
Knowledge: The candidate possess through knowledge of the fundamental theories, models practices of information security management for both large and small organizations. The candidate possess insight and understanding of ethical and legal aspect information security management and privacy management. The candidate possesses good understanding of the risk management processes. The candidate possesses good understanding of security planning and incident management process. The candidate possess insight and good understand of security awareness and security escalations issues in information security management work. The candidate possess insight of the technological innovation process in IT security and its effect on security management. The candidate possess basic knowledge of the standards in information security management.
Skills: The candidate is capable of analyzing existing theory, models and methods in the field of information security management and work independently on solving theoretical and practical problems. The candidate is capable of applying his/her knowledge to both modeling the potential problems and the solutions in information security management and be able to communicate this problems and solutions using basic theoretical skills. The candidate is capable of using and the basic terminology and is aware of the basic standards used in the area of information security management.
General competence: Can participate in group work and manage different organization roles of information security management.
Learning methods and activities
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus Gjøvik, and are open for the different categories of students. All the lectures will also be available on Internet through the NTNU learning management system Blackboard.
- Lectures are based on the book and other relevant literature and examples
- There are group work with assignments (risk-analysis case and term-paper)
- There are group work in a cyber-security incident management exercise
- Self-reflection on group work regarding term-paper
The risk-analysis case is a mandatory assignment, where you work in groups of 2-3.
The exercise requires mandatory digital attendance, where you work in the same groups as for the term-paper.
The risk-analysis assignment and the exercise are mandatory assignments, and you will not be able to attend the exam if you haven't got the risk-analysis assignment approved and if you haven't attended the exercise.
For the term-paper the deliveries are:
- Sign up for wanted project
- Select group-leader
- Deliver project-description (group-leader on behalf of the group)
- Voluntary mid-term review
- Submission deadline by email: Group-leader deliver the full book-project by email to supervisor.
- Submission deadline in Inspera: Everyone delivers only their own contribution (term-paper/book-chapter) together with self-assessment/reflection
The exam is an digital open ended questions exam with all materials accessible. NTNU grading scale will be used: https://innsida.ntnu.no/wiki/-/wiki/English/Grading+scale (accessible in internal NTNU-system).
Compulsory assignments
- SOHO Risk Analysis (OBL1)
- Crisis management exercise
Further on evaluation
Mandatory assignment and exercise (approval and attendance required to be allowed to take the exam):
- SOHO Risk Analysis.
- (1 day) Crisis Management/Incident response exercise. Digital attendance is required.
Forms of examination arrangement:
- Term-Paper (chapter from book-project; or as the group-leader: the book-project abstract, introduction and a smaller chapter). Details are described in Blackboard.
- 3-hours written individual home exam.
Each part must be passed to pass the course.
Re-sit:
- Ordinary re-sit examination for the written home exam in August.
- For failed paper the student need to sign up for the course next time offered and submit the term-paper in that semester.
Retake: Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.
Specific conditions
Admission to a programme of study is required:
Civil and Environmental Engineering (MIBYGG)
Economics and Business Administration (ØAMSC)
Industrial Innovation and Digital Security (MIIDS)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Recommended previous knowledge
It is recommended to look up wording in the course at: https://www.sans.org/security-resources/glossary-of-terms/
Required previous knowledge
Master entry Level.
The course is available to "Bygg- og miljøteknikk" 2 year master program, but only for students in the track "Digitale byggeprosesser"/ Master in digital Building processes.
The course is available for students admitted to the Master in Industrial Innovation and Digital Security (MIIDS)
Course materials
Management of Information Security newest Edition by Michael E. Whitman (Author), Herbert J. Mattord (Author) ISBN for 2016: ISBN-13: 978-1305501256 / ISBN-10: 130550125X
Course Material provided on / Blackboard
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| IMT4571 | 2.5 | AUTUMN 2017 | |
| IIKG6503 | 7.5 | AUTUMN 2020 |
No
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: AUTUMN 2023
Language of instruction: English
Location: Gjøvik , Trondheim
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Aggregate score
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
-
Autumn
ORD
Home examination
51/100
Release
2023-12-19Submission
2023-12-19
09:00
INSPERA
12:00 -
Room Building Number of candidates -
Autumn
ORD
Assignment/term-paper
49/100
Release
2023-11-27Submission
2023-12-01
08:00
INSPERA
23:59 -
Room Building Number of candidates - Summer UTS Home examination 51/100 INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"