IMT4115 - Introduction to Information Security Management


Examination arrangement

Examination arrangement: Aggregate score
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
Assignment/term-paper 49/100
Home examination 51/100 3 hours

Course content

  • Introduction to Information security strategy and policy management
  • Cultural, organizational and behavioral theories used in information security management organizations.
  • Legal and ethical aspects of information security and privacy management.
  • Overview of current information security management standards and practices
  • How to develop a security program
  • Introduction to assessing and treating risk: Threat and vulnerability modelling
  • Management models and management practices
  • Contingencies and maintenance of Information security
  • Information security planning and incident management

Learning outcome

Knowledge: The candidate possess through knowledge of the fundamental theories, models practices of information security management for both large and small organizations. The candidate possess insight and understanding of ethical and legal aspect information security management and privacy management. The candidate possesses good understanding of the risk management processes. The candidate possesses good understanding of security planning and incident management process. The candidate possess insight and good understand of security awareness and security escalations issues in information security management work. The candidate possess insight of the technological innovation process in IT security and its effect on security management. The candidate possess basic knowledge of the standards in information security management.

Skills: The candidate is capable of analyzing existing theory, models and methods in the field of information security management and work independently on solving theoretical and practical problems. The candidate is capable of applying his/her knowledge to both modeling the potential problems and the solutions in information security management and be able to communicate this problems and solutions using basic theoretical skills. The candidate is capable of using and the basic terminology and is aware of the basic standards used in the area of information security management.

General competence: Can participate in group work and manage different organization roles of information security management.

Learning methods and activities

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus Gjøvik, and are open for the different categories of students. All the lectures will also be available on Internet through the NTNU learning management system Blackboard.

- Lectures are based on the book and other relevant literature and examples

- There are group work with assignments (risk-analysis case and term-paper)

- There are group work in a cyber-security incident management exercise

- Self-reflection on group work regarding term-paper

The risk-analysis case is a mandatory assignment, where you work in groups of 2-3.

The exercise requires mandatory digital attendance, where you work in the same groups as for the term-paper.

The risk-analysis assignment and the exercise are mandatory assignments, and you will not be able to attend the exam if you haven't got the risk-analysis assignment approved and if you haven't attended the exercise.

For the term-paper the deliveries are:

- Sign up for wanted project

- Select group-leader

- Deliver project-description (group-leader on behalf of the group)

- Voluntary mid-term review

- Submission deadline by email: Group-leader deliver the full book-project by email to supervisor.

- Submission deadline in Inspera: Everyone delivers only their own contribution (term-paper/book-chapter) together with self-assessment/reflection

The exam is an digital open ended questions exam with all materials accessible. NTNU grading scale will be used: (accessible in internal NTNU-system).

Compulsory assignments

  • SOHO Risk Analysis (OBL1)
  • Crisis management exercise

Further on evaluation

Mandatory assignment and exercise (approval and attendance required to be allowed to take the exam):

- SOHO Risk Analysis.

- (1 day) Crisis Management/Incident response exercise. Digital attendance is required.

Forms of examination arrangement:

- Term-Paper (chapter from book-project; or as the group-leader: the book-project abstract, introduction and a smaller chapter). Details are described in Blackboard.

- 3-hours written individual home exam.

Each part must be passed to pass the course.


- Ordinary re-sit examination for the written home exam in August.

- For failed paper the student need to sign up for the course next time offered and submit the term-paper in that semester.

Retake: Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.

Required previous knowledge

Master entry Level.

The course is available to "Bygg- og miljøteknikk" 2 year master program, but only for students in the track "Digitale byggeprosesser"/ Master in digital Building processes.

The course is available for students admitted to the Master in Industrial Innovation and Digital Security (MIIDS)

Course materials

Management of Information Security newest Edition by Michael E. Whitman (Author), Herbert J. Mattord (Author) ISBN for 2016: ISBN-13: 978-1305501256 / ISBN-10: 130550125X

Course Material provided on / Blackboard

Credit reductions

Course code Reduction From To
IMT4571 2.5 AUTUMN 2017
IIKG6503 7.5 AUTUMN 2020
More on the course



Version: 1
Credits:  7.5 SP
Study level: Second degree level


Term no.: 1
Teaching semester:  AUTUMN 2023

Language of instruction: English

Location: Gjøvik , Trondheim

Subject area(s)
  • Information Security
Contact information
Course coordinator: Lecturer(s):

Department with academic responsibility
Department of Information Security and Communication Technology


Examination arrangement: Aggregate score

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn ORD Home examination 51/100





Room Building Number of candidates
Autumn ORD Assignment/term-paper 49/100





Room Building Number of candidates
Summer UTS Home examination 51/100 INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU