Course - Risk Management - DCST2005
Risk Management
Choose study yearAssessments and mandatory activities may be changed until September 20th.
About
About the course
Course content
- Information security management Systems (ISMS)
- Security work
- The standards ISO 27001 and 27002.
- Security policies, security culture and evaluation.
- Risk management, including risk assessment and analysis.
- Risk communication
- Information classification and access control.
- Incident response: planning and running.
- Measuring security and key figures.
- Outsourcing
Learning outcome
Knowledge:
The candidate can:
- explain the use of ISO 27001 and 27002, especially with regards to joint use and differences in information security management.
- explain the importance of information security for a company's monetary and reputational value.
- explain a stepwise plan for employing an ISMS, and show critical factors for each phase.
- explain risk in an information security context, evaluate risk in information systems and make contingency plans.
Skills:
The candidate can:
- make an assessment of strategy and measures for anchoring the safety work, based on a prior analysis of the situation in an example company
- carry out a threat profiling and risk analysis for an example company based on a standard procedure, and prioritize and implement relevant measures with a focus on protecting identities
- propose a strategy to involve both the company's own employees and any external expertise in the change processes related to the introduction of an ISMS
- given guidelines or standards, carry out an information security risk assessment on a given information system
General competence:
The candidate can:
- search for and apply relevant subject matter to shed light on a given problem
- present security problems and solutions both in writing and orally
Learning methods and activities
Lectures, project work in larger groups, obligatory assignments, reflection, guidance meetings.
Complementary information: The students will be split into groups. Each group will work on an information security assignment with focus on risk assessments and a supporting ISMS.
Further on evaluation
The project is done in groups. All students in the group normally receive the same grade based on the group assignment. In special cases where a student has not contributed sufficiently, the student may be given individual grades based on documented lack of effort and/or workload.
Both the exam and the project need to be passed in order to pass the course.
The project and exam are given in English only. The project report and exam can be submitted in either English or Norwegian.
The re-sit examination is held in August. Written exam might be changed to oral exam for the re-sit exam.
In the event of voluntary repetition, fail (F) or valid absence, the entire project must be retaken in a semester with teaching.
Continuation and voluntary repetition/improvement can be carried out for some partial assessments without all partial assessments in a subject having to be taken up again.
Specific conditions
Admission to a programme of study is required:
Digital Infrastructure and Cyber Security (BDIGSEC)
Recommended previous knowledge
Cyber security and Teamwork (DCST1002)
Required previous knowledge
Admission to a programme of study is required: Bachelor in Digital Infrastructure and Cyber Security.
Course materials
Announced at the start of semester.
Credit reductions
| Course code | Reduction | From |
|---|---|---|
| DCSG2005 | 7.5 sp | Autumn 2019 |
| IBED2003 | 7.5 sp | Autumn 2020 |
| IINI2009 | 7.5 sp | Autumn 2020 |
| IFUD1119 | 7.5 sp | Autumn 2020 |
| IDRI2004 | 7.5 sp | Autumn 2020 |
| INFT2001 | 7.5 sp | Autumn 2020 |
| DIFT2007 | 7.5 sp | Autumn 2020 |
Subject areas
- Computer Science
Contact information
Course coordinator
Department with academic responsibility
Department of Information Security and Communication Technology