Course content

-Security Governance of and in IS/IT Systems
-The Risk Management Process: Including Risk assessment and Analysis
-Security Standards and Best Practices (ISO 27000-series)
-IT Service Management and Security
-Risk Communication
-Security Compliance
-Security Policy and regulation development
-Security Management
-Information classification and access control
-Incident response, planning and execution
-Security and Awareness Training of management and employees
-Management tools and practices
-Security Metrics and Key performance indicators
-Outsourcing and security

Learning outcome

Knowledge
-The student can understand and explain the general principles of IT/IS security management and governance
-The student understands risk in an information security context
-The student knows how to risk assess information systems.
-The student has a good overview international security and privacy compliances standards and rules.
-The student understands the role of security in IT service management.
-The student has and understanding and can apply basic organizational theory and organizational behavior concepts to the information security and information technology management problem
-The student has a good overview of planning for business continuity and can identify of critical systems
-The student should understand and explain the need for security requirements in a case study

Skills
-The student can, given guidelines or standards, carry out an information security risk assessment on a given information/technology system
-The student can collaborate with system owners and supervisors and can adjust his or her practice based on their feedback
-The student can understand Security's role in IT Service Management and weight costs and benefits of a proposed risk treatment.
-The student can present security problems and solutions to both employees and managers

General Competence
-The student can lead and contribute to security work or a team of diverse experts and competence
-The student can conduct information security risk assessments
The student has knowledge of information security management and control
-The student candidate is aware of the importance of both mastering oral and written communication skills in regards to explaining security problem and security solutions to systems owners and users in both face-to-face and online environments.

Learning methods and activities

-Lectures
-Group work
-Web-based learning
-Compulsory assignments
-Reflection
-Seminars

Further information:
Students are divided into groups where each group is assigned a task with an information security topic. The projects will involve risk assessments of current and/or future systems. n addition, one part will revolve around system understanding in relation to IT service management.

Specific conditions

Recommended previous knowledge

IMT1003 Introduction to IT-Operations and Information Security
IMT2243 Software Engineering

Course materials

1. Talabis, M & Martin. J 2012). Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis. Syngress.
2. Veiledning i Risikovurdering for Informasjonssikkerhet ved NTNU. Teknisk rapport tilgjengelig i Blackboard, v/ Seksjon for digital sikkerhet (nyeste versjon)
3. ITSM fagstoff blir tilgjengeliggjort i Blackboard.
4. NSM Grunnprinsipper for IKT-sikkerhet (nyeste versjon)
5. NSM Veileder i sikkerhetsstyring (nyeste versjon)
6. ISO/IEC 27001, 27002 og 27005 (nyeste versjon)
7. Diverse artikler.

Credit reductions