course-details-portlet

DCST2005

Risk Management

Choose study year

Assessments and mandatory activities may be changed until September 20th.

Credits 7.5
Level Intermediate course, level II
Course start Spring 2026
Duration 1 semester
Language of instruction English
Location Trondheim
Examination arrangement Assignment and Written examination

About

About the course

Course content

  • Information security management Systems (ISMS)
  • Security work
  • The standards ISO 27001 and 27002.
  • Security policies, security culture and evaluation.
  • Risk management, including risk assessment and analysis.
  • Risk communication
  • Information classification and access control.
  • Incident response: planning and running.
  • Measuring security and key figures.
  • Outsourcing

Learning outcome

Knowledge:

The candidate can:

  • explain the use of ISO 27001 and 27002, especially with regards to joint use and differences in information security management.
  • explain the importance of information security for a company's monetary and reputational value.
  • explain a stepwise plan for employing an ISMS, and show critical factors for each phase.
  • explain risk in an information security context, evaluate risk in information systems and make contingency plans.

Skills:

The candidate can:

  • make an assessment of strategy and measures for anchoring the safety work, based on a prior analysis of the situation in an example company
  • carry out a threat profiling and risk analysis for an example company based on a standard procedure, and prioritize and implement relevant measures with a focus on protecting identities
  • propose a strategy to involve both the company's own employees and any external expertise in the change processes related to the introduction of an ISMS
  • given guidelines or standards, carry out an information security risk assessment on a given information system

General competence:

The candidate can:

  • search for and apply relevant subject matter to shed light on a given problem
  • present security problems and solutions both in writing and orally

Learning methods and activities

Lectures, project work in larger groups, obligatory assignments, reflection, guidance meetings.

Complementary information: The students will be split into groups. Each group will work on an information security assignment with focus on risk assessments and a supporting ISMS.

Further on evaluation

The project is done in groups. All students in the group normally receive the same grade based on the group assignment. In special cases where a student has not contributed sufficiently, the student may be given individual grades based on documented lack of effort and/or workload.

Both the exam and the project need to be passed in order to pass the course.

The project and exam are given in English only. The project report and exam can be submitted in either English or Norwegian.

The re-sit examination is held in August. Written exam might be changed to oral exam for the re-sit exam.

In the event of voluntary repetition, fail (F) or valid absence, the entire project must be retaken in a semester with teaching.

Continuation and voluntary repetition/improvement can be carried out for some partial assessments without all partial assessments in a subject having to be taken up again.

Specific conditions

Admission to a programme of study is required:
Digital Infrastructure and Cyber Security (BDIGSEC)

Required previous knowledge

Admission to a programme of study is required: Bachelor in Digital Infrastructure and Cyber Security.

Course materials

Announced at the start of semester.

Credit reductions

Course code Reduction From
DCSG2005 7.5 sp Autumn 2019
IBED2003 7.5 sp Autumn 2020
IINI2009 7.5 sp Autumn 2020
IFUD1119 7.5 sp Autumn 2020
IDRI2004 7.5 sp Autumn 2020
INFT2001 7.5 sp Autumn 2020
DIFT2007 7.5 sp Autumn 2020
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Computer Science

Contact information

Course coordinator

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination

Examination arrangement: Assignment and Written examination
Grade: Letter grades

Ordinary examination - Spring 2026

Assignment
Weighting 60/100 Examination aids Code A Exam system Inspera Assessment
School exam
Weighting 40/100 Examination aids Code E Duration 2 hours Exam system Inspera Assessment Place and room Not specified yet.

Re-sit examination - Summer 2026

School exam
Weighting 40/100 Examination aids Code E Duration 2 hours Exam system Inspera Assessment Place and room Not specified yet.