course-details-portlet

IMT4115

Introduction to Information Security Management

Credits 7.5
Level Second degree level
Course start Autumn 2025
Duration 1 semester
Language of instruction English
Location Gjøvik
Examination arrangement Aggregate score

About

About the course

Course content

  • Introduction to Information security strategy and policy management
  • Cultural, organizational and behavioral theories used in information security management organizations.
  • Legal and ethical aspects of information security and privacy management.
  • Overview of current information security management standards and practices
  • How to develop a security program
  • Introduction to assessing and treating risk: Threat and vulnerability modelling
  • Management models and management practices
  • Contingencies and maintenance of Information security
  • Information security planning and incident management

Learning outcome

Knowledge: The candidate possess through knowledge of the fundamental theories, models practices of information security management for both large and small organizations. The candidate possess insight and understanding of ethical and legal aspect information security management and privacy management. The candidate possesses good understanding of the risk management processes. The candidate possesses good understanding of security planning and incident management process. The candidate possess insight and good understand of security awareness and security escalations issues in information security management work. The candidate possess insight of the technological innovation process in IT security and its effect on security management. The candidate possess basic knowledge of the standards in information security management.

Skills: The candidate is capable of analyzing existing theory, models and methods in the field of information security management and work independently on solving theoretical and practical problems. The candidate is capable of applying his/her knowledge to both modeling the potential problems and the solutions in information security management and be able to communicate this problems and solutions using basic theoretical skills. The candidate is capable of using and the basic terminology and is aware of the basic standards used in the area of information security management.

General competence: Can participate in group work and manage different organization roles of information security management.

Learning methods and activities

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus Gjøvik, and are open for the different categories of students. All the lectures will also be available on Internet through the NTNU learning management system Blackboard.

- Lectures are based on the book and other relevant literature and examples

- There are group work with assignments (risk-analysis case and term-paper)

- Self-reflection on group work regarding term-paper

The risk-analysis case (SOHO) is a mandatory assignment, where you work in groups of 2-3.

The risk-analysis exercise is a mandatory assignments, and you will not be able to attend the exam if you haven't got the risk-analysis assignment approved.

For the term-paper the deliveries are:

- Sign up for wanted project

- Select group-leader

- Deliver project-description (group-leader on behalf of the group)

- Voluntary mid-term review

- Submission deadline by email: Group-leader deliver the full book-project by email to supervisor.

- Submission deadline in Inspera: Everyone delivers only their own contribution (term-paper/book-chapter) together with self-assessment/reflection

The written exam is school exam at the University.

Compulsory assignments

  • SOHO Risk Analysis

Further on evaluation

Mandatory assignment (approval passed/not passed required to be allowed to take the exam):

- SOHO Risk Analysis

Forms of examination arrangement:

- Term-Paper (chapter from book-project; or as the group-leader: the book-project abstract, introduction and a smaller chapter). Details are described in Blackboard.

- 1,5-hours written individual school exam at the University. The written exam contains ca. 50 Multiple choice or similar questions with no material accessible.

Each part must be passed to pass the course.

NTNU grading scale will be used: https://innsida.ntnu.no/wiki/-/wiki/English/Grading+scale (accessible in internal NTNU-system).

If one fail on either exam or the paper,

- One may do the re-sit examination for the written school exam in August.

- For failed paper the student need to sign up for the course next time offered and submit the term-paper in that semester.

- Retake of the course as a hole can be carried out next available semester (next fall). Retake can be carried out for partial assessments without all partial assessments having to be taken up again.

Specific conditions

Admission to a programme of study is required:
Civil Engineering (MIBYGG)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Management of Innovation and Digital Security (MIIDS)

Required previous knowledge

Master entry Level

Master Information security (MIS, MISD or MISEB)

The course is available to "Bygg- og miljøteknikk" 2 year master program, but only for students in the track "Digitale byggeprosesser"/ Master in digital Building processes (NTNU Campus Gjøvik).

The course is available for students admitted to the Master in Industrial Innovation and Digital Security (MIIDS / NTNU Campus Gjøvik).

Course materials

Management of Information Security newest Edition by Michael E. Whitman (Author), Herbert J. Mattord (Author) ISBN for 2016: ISBN-13: 978-1305501256 / ISBN-10: 130550125X

Course Material provided on / Blackboard

Credit reductions

Course code Reduction From
IMT4571 2.5 sp Autumn 2017
IIKG6503 7.5 sp Autumn 2020
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

Lecturers

Department with academic responsibility

Department of Information Security and Communication Technology

Timetable

Timetable

Calendar view
List view
Show detailed timetable in TP Download .ics file iCal

Examination

Examination

Examination arrangement: Aggregate score
Grade: Letter grades

Ordinary examination - Autumn 2025

School exam
Weighting 51/100 Examination aids Code E Date 2025-12-12 Time 09:00 Duration 1.5 hours Exam system Inspera Assessment
Place and room for school exam

The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.

Mustad, Inngang D
Room M438 Eksamensrom 4.etg, Inngang D
90 candidates
Sluppenvegen 14
Room SL520
5 candidates
Term paper
Weighting 49/100 Date Submission 2025-12-19 Time Submission 23:59 Exam system Inspera Assessment

Re-sit examination - Summer 2026

School exam
Weighting 51/100 Examination aids Code E Duration 1.5 hours Exam system Inspera Assessment Place and room Not specified yet.

All about examinations at NTNU