course-details-portlet

IMT4115

Introduction to Information Security Management

Credits 7.5
Level Second degree level
Course start Autumn 2026
Duration 1 semester
Language of instruction English
Location Gjøvik
Examination arrangement Aggregate score

About

About the course

Course content

  • Introduction to Information security strategy and policy management
  • Cultural, organizational and behavioral theories used in information security management organizations.
  • Legal and ethical aspects of information security and privacy management.
  • Overview of current information security management standards and practices
  • How to develop a security program
  • Introduction to assess and treat risk: Threat and vulnerability modelling
  • Management models and management practices
  • Contingencies and maintenance of Information security
  • Information security emergency preparedness planning and incident management

Learning outcome

Knowledge:

The candidate possesses through knowledge of the fundamental theories models practice information security management for both large and small organizations. The candidate possesses insight and understanding of ethical and legal aspects within information security management and privacy management. The candidate possesses a good understanding of the risk management processes. The candidate possesses a good understanding of security planning and incident management process. The candidate possesses insight and good understanding of security awareness and security escalations issues in information security management work. The candidate possesses insight into the technological innovation process in IT security and its effect on security management. The candidate possesses basic knowledge of the standards in information security management.

Skills: The candidate is capable to analyze existing theory, models and methods in the field of information security management and work independently on solving theoretical and practical problems. The candidate is capable to apply his/her knowledge to both modeling the potential problems and the solutions in information security management and be able to communicate these problems and solutions using basic theoretical skills. The candidate is capable to use basic terminology and is aware of the basic standards used in the field of information security management.

General competence: Can participate in group work and manage different organization roles of information security management.

Learning methods and activities

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus Gjøvik, and are open for the different categories of students. All the lectures will also be available on Internet through the NTNU learning management system Canvas.

- Lectures are based on the book and other relevant literature and examples.

- There are group work with assignments (risk-analysis case, crisis management discussion exercise and term-paper)

- Self-reflection on group work regarding term-paper

The risk-analysis case (SOHO) is a mandatory assignment, where you work in groups of 2-3.

The crisis management discussion exercise require mandatory attendance, and are set up as a group exercise based on the term-paper group.

The risk-analysis work and the crisis management discussion exercise are mandatory assignments, and you will not be able to attend the exam if you haven't got the risk-analysis assignment approved and attended the exercise.

For the term-paper the deliveries are:

- Sign up for wanted book-project

- Create a schedule with shared management responsibilities

- Deliver book-project work plan included problem description and research questions for each chapter, included the shared management responsibilities

- Voluntary mid-term review

- Submission deadline by email: Selected responsible (by the group) deliver the full book-project by email to supervisor.

- Submission deadline in Inspera: Everyone delivers only their own contribution (term-paper/book-chapter) together with self-assessment/reflection.

The written exam is a school exam at the University.

Compulsory assignments

  • Obligatory crisis management discussion exercise
  • SOHO Risk Analysis

Further on evaluation

Mandatory assignments (approval passed/not passed required to be allowed to take the exam):

- SOHO Risk Analysis

- Crisis management discussion exercise

Forms of examination arrangement:

- Term-Paper (the book as a hole delivered by a selected member of the group, chapter from book-project delivered in Inspera (NTNUs exam system) together with self-reflection. Details are described in Canvas.

- 5-hours written individual school exam at the University. The written exam will be an essey exam with different questions covering the intended learning objectives of the course.

Each part must be passed to pass the course.

NTNU grading scale will be used: https://innsida.ntnu.no/wiki/-/wiki/English/Grading+scale (accessible in internal NTNU-system).

If one fail on either exam or the term-paper,

- One may do the re-sit examination for the written school exam in August.

- For failed term-paper the student need to sign up for the course next time offered and submit the term-paper in that semester.

- Retake of the course as a hole can be carried out next available semester (next fall). Retake can be carried out for partial assessments without already approved partial assessments needed to be taken again.

Specific conditions

Admission to a programme of study is required:
Civil Engineering (MIBYGG)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Management of Innovation and Digital Security (MIIDS)

Required previous knowledge

Master entry Level

Master Information security (MIS, MISD or MISEB)

The course is available to "Bygg- og miljøteknikk" 2 year master program, but only for students in the track "Digitale byggeprosesser"/ Master in digital Building processes (NTNU Campus Gjøvik).

The course is available for students admitted to the Master in Industrial Innovation and Digital Security (MIIDS / NTNU Campus Gjøvik).

Course materials

Management of Information Security newest Edition by Michael E. Whitman (Author), Herbert J. Mattord (Author) ISBN for 2016: ISBN-13: 978-1305501256 / ISBN-10: 130550125X

Course Material provided in Canvas.

Credit reductions

Course code Reduction From
IMT4571 2.5 sp Autumn 2017
IIKG6503 7.5 sp Autumn 2020
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

Lecturers

Department with academic responsibility

Department of Information Security and Communication Technology

Timetable

Timetable

Calendar view
List view
Show detailed timetable in TP Download .ics file iCal

Examination

Examination

Examination arrangement: Aggregate score
Grade: Letter grades

Ordinary examination - Autumn 2026

School exam
Weighting 51/100 Examination aids Code D Duration 5 hours Exam system Inspera Assessment Place and room Not specified yet.
Term paper
Weighting 49/100 Exam system Inspera Assessment

Re-sit examination - Summer 2027

School exam
Weighting 51/100 Examination aids Code D Duration 5 hours Exam system Inspera Assessment Place and room Not specified yet.

All about examinations at NTNU