Course - Risk Management - DCST2005
DCST2005 - Risk Management
About
Examination arrangement
Course content
- Information security management Systems (ISMS)
- Security work
- The standards ISO 27001 and 27002.
- Security policies, security culture and evaluation.
- Risk management, including risk assessment and analysis.
- Risk communication
- Information classification and access control.
- Incident response: planning and running.
- Measuring security and key figures.
- Outsourcing
Learning outcome
Knowledge:
The candidate can:
- explain the use of ISO 27001 and 27002, especially with regards to joint use and differences in information security management.
- explain the importance of information security for a company's monetary and reputational value.
- explain a stepwise plan for employing an ISMS, and show critical factors for each phase.
- explain risk in an information security context, evaluate risk in information systems and make contingency plans.
Skills:
The candidate can:
- make an assessment of strategy and measures for anchoring the safety work, based on a prior analysis of the situation in an example company
- carry out a threat profiling and risk analysis for an example company based on a standard procedure, and prioritize and implement relevant measures with a focus on protecting identities
- propose a strategy to involve both the company's own employees and any external expertise in the change processes related to the introduction of an ISMS
- given guidelines or standards, carry out an information security risk assessment on a given information system
General competence:
The candidate can:
- search for and apply relevant subject matter to shed light on a given problem
- present security problems and solutions both in writing and orally
Learning methods and activities
Lectures, project work in larger groups, obligatory assignments, reflection, guidance meetings. The students will be split into groups. Each group will work on an information security assignment with focus on risk assessments and a supporting ISMS.
Further on evaluation
Evaluation:
- Written exam, 2 hours, counts 40%
- Project, counts 60%
Both the exam and the project needs to be passed in order to pass the course.
Delayed exam for the written exam in December. A retake of the project will need to be done the next time the course is taught.
Specific conditions
Admission to a programme of study is required:
Digital Infrastructure and Cyber Security (BDIGSEC)
Recommended previous knowledge
Cyber security and Teamwork (DCST1002)
Required previous knowledge
Admission to a programme of study is required: Bachelor in Digital Infrastructure and Cyber Security.
Course materials
Announced at the start of semester.
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| DCSG2005 | 7.5 | AUTUMN 2019 | |
| IBED2003 | 7.5 | AUTUMN 2020 | |
| IINI2009 | 7.5 | AUTUMN 2020 | |
| IFUD1119 | 7.5 | AUTUMN 2020 | |
| IDRI2004 | 7.5 | AUTUMN 2020 | |
| INFT2001 | 7.5 | AUTUMN 2020 | |
| DIFT2007 | 7.5 | AUTUMN 2020 |
No
Version: 1
Credits:
7.5 SP
Study level: Intermediate course, level II
Term no.: 1
Teaching semester: SPRING 2024
Language of instruction: Norwegian
Location: Trondheim
- Computer Science
Department with academic responsibility
Department of Computer Science
Examination
Examination arrangement: Assignment and Written examination
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn UTS School exam 40/100 E 2023-11-24 09:00 INSPERA
-
Room Building Number of candidates SL310 blå sone Sluppenvegen 14 2 - Spring ORD Assignment 60/100 ALLE INSPERA
-
Room Building Number of candidates - Spring ORD School exam 40/100 E INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"