course-details-portlet

IMT2008

ITSM, Security and Risk Management

Lessons are not given in the academic year 2016/2017

Credits 10
Level Intermediate course, level II

About

About the course

Course content

Governance Compliance Risk of and in IS/IT Systems

Privacy Compliance, Legal Compliance

Security Policy and regulation development

Threat Modeling

Risk Monitoring

Risk Communication

Risk Analysis

System Modeling and socio-technical analysis

Safety and/vs Security Management

Organizational Theory and Security

Organizational Behavior and Security

Information classification and access control

Incident response, planning and execution

Investigation and Ethics

Security Standards and Best Practices

Security , Awareness Training , of management and employees

Management tools and practices

Security Metrics and Key performance indicators

Outsources contracts and IS/IT security (IS/IT) in the cloud

Learning outcome

Knowledge

The student understand and can explain the general principles of IT/IS security management

The student has a good overview of past and present national and international security and privacy compliances standards and rules.

The student has and understanding and can apply basic organizational theory and organizational behavior concepts to the information security and information technology management problem

The student has a good overview of planning for business continuity and can identify of critical systems

The student should understand and can explain security requirements for a IT outsource

Skills

The student can, given guidelines or standards carry out a threat and risk assessment on a given information/technology systems

The candidate can collaborate with system owners and supervisors and can adjust his or her practice based on their feedback

The student can organize an structure an incident response team

The student can present security problems and solutions to both employees and managers

General Competence

The student can lead and contribute to security work or a team of diverse experts and competence

The student candidate is aware of the importance of both mastering oral and written communication skills in regards to explaining security problem and security solutions to systems owners and users in both face-to-face and online environments.

Learning methods and activities

Forelesninger|Gruppearbeid|Nettstøttet læring|Obligatoriske oppgaver|Refleksjon|Samling(er)/seminar(er)

Utfyllende informasjon:

The student students are assigned to a group of 3-6 persons. Each group get a task assigned from a external systems owner and a particular case. The project are based information security cases and involve risk assessments of current and future systems (innovations) and also contingency planning of these systems.

Further on evaluation

Utfyllende om kontinuasjon:

Re-sit examination for the written exam in August.

Vurderingsformer:

Written exam, 2 hours, counts for 50 %

Assessment of projects, counts for 50 %

Both parts must be passed.

Specific conditions

Admission to a programme of study is required:
IT-drift og informasjonssikkerhet (BITSEC)

Required previous knowledge

IMT1003 Introduction to IT-Operations and Information Security

Credit reductions

Course code Reduction From
IMT1132 7.5 sp
IMT1381 2.5 sp
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination

All about examinations at NTNU