DCST2005 - Risk Management


Examination arrangement

Examination arrangement: Assignment and Written examination
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
School exam 40/100 2 hours E
Assignment 60/100 ALLE

Course content

  • Information security management Systems (ISMS)
  • Security work
  • The standards ISO 27001 and 27002.
  • Security policies, security culture and evaluation.
  • Risk management, including risk assessment and analysis.
  • Risk communication
  • Information classification and access control.
  • Incident response: planning and running.
  • Measuring security and key figures.
  • Outsourcing

Learning outcome


The candidate can:

  • explain the use of ISO 27001 and 27002, especially with regards to joint use and differences in information security management.
  • explain the importance of information security for a company's monetary and reputational value.
  • explain a stepwise plan for employing an ISMS, and show critical factors for each phase.
  • explain risk in an information security context, evaluate risk in information systems and make contingency plans.


The candidate can:

  • make an assessment of strategy and measures for anchoring the safety work, based on a prior analysis of the situation in an example company
  • carry out a threat profiling and risk analysis for an example company based on a standard procedure, and prioritize and implement relevant measures with a focus on protecting identities
  • propose a strategy to involve both the company's own employees and any external expertise in the change processes related to the introduction of an ISMS
  • given guidelines or standards, carry out an information security risk assessment on a given information system

General competence:

The candidate can:

  • search for and apply relevant subject matter to shed light on a given problem
  • present security problems and solutions both in writing and orally

Learning methods and activities

Lectures, project work in larger groups, obligatory assignments, reflection, guidance meetings. The students will be split into groups. Each group will work on an information security assignment with focus on risk assessments and a supporting ISMS.

Further on evaluation


  • Written exam, 2 hours, counts 40%
  • Project, counts 60%

Both the exam and the project needs to be passed in order to pass the course.

Delayed exam for the written exam in December. A retake of the project will need to be done the next time the course is taught.

Specific conditions

Admission to a programme of study is required:
Digital Infrastructure and Cyber Security (BDIGSEC)

Required previous knowledge

Admission to a programme of study is required: Bachelor in Digital Infrastructure and Cyber Security.

Course materials

Announced at the start of semester.

Credit reductions

Course code Reduction From To
DCSG2005 7.5 AUTUMN 2019
IBED2003 7.5 AUTUMN 2020
IINI2009 7.5 AUTUMN 2020
IFUD1119 7.5 AUTUMN 2020
IDRI2004 7.5 AUTUMN 2020
INFT2001 7.5 AUTUMN 2020
DIFT2007 7.5 AUTUMN 2020
More on the course



Version: 1
Credits:  7.5 SP
Study level: Intermediate course, level II


Term no.: 1
Teaching semester:  SPRING 2024

Language of instruction: Norwegian

Location: Trondheim

Subject area(s)
  • Computer Science
Contact information
Course coordinator: Lecturer(s):

Department with academic responsibility
Department of Computer Science


Examination arrangement: Assignment and Written examination

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn UTS School exam 40/100 E 2023-11-24 09:00 INSPERA
Room Building Number of candidates
SL310 blå sone Sluppenvegen 14 2
Spring ORD Assignment 60/100 ALLE INSPERA
Room Building Number of candidates
Spring ORD School exam 40/100 E INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU