Course - Introduction to Information Security Management - IMT4115
Introduction to Information Security Management
About
About the course
Course content
- Introduction to Information security strategy and policy management
- Cultural, organizational and behavioral theories used in information security management organizations.
- Legal and ethical aspects of information security and privacy management.
- Overview of current information security management standards and practices
- How to develop a security program
- Introduction to assessing and treating risk: Threat and vulnerability modelling
- Management models and management practices
- Contingencies and maintenance of Information security
- Information security planning and incident management
Learning outcome
Knowledge: The candidate possess through knowledge of the fundamental theories, models practices of information security management for both large and small organizations. The candidate possess insight and understanding of ethical and legal aspect information security management and privacy management. The candidate possesses good understanding of the risk management processes. The candidate possesses good understanding of security planning and incident management process. The candidate possess insight and good understand of security awareness and security escalations issues in information security management work. The candidate possess insight of the technological innovation process in IT security and its effect on security management. The candidate possess basic knowledge of the standards in information security management.
Skills: The candidate is capable of analyzing existing theory, models and methods in the field of information security management and work independently on solving theoretical and practical problems. The candidate is capable of applying his/her knowledge to both modeling the potential problems and the solutions in information security management and be able to communicate this problems and solutions using basic theoretical skills. The candidate is capable of using and the basic terminology and is aware of the basic standards used in the area of information security management.
General competence: Can participate in group work and manage different organization roles of information security management.
Learning methods and activities
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus Gjøvik, and are open for both categories of students. All the lectures will also be available on Internet through the NTNU learning management system Blackboard.
- Lectures are based on the book and other relevant literature and examples
- There are group work with assignments (risk-analysis case and term-paper)
- There are group work in a incident management exercise
- Self-reflection on group work regarding term-paper
The risk-analysis case is a mandatory assignment, where you work in groups of 2-3.
The exercise requires mandatory attendance, where you work in the same groups as for the term-paper.
The risk-analysis assignment and the exercise are mandatory assignments, and you will not be able to attend the exam if you haven't got the risk-analysis assignment approved and if you haven't attended the exercise.
For the term-paper the deliveries are:
- Sign up for wanted project
- Select group-leader
- Deliver project-description (group-leader on behalf of the group)
- Voluntary mid-term review
- Submission deadline in Inspera: Group-leader deliver the full book-project with self-assessment/reflection
- Submission deadline in Inspera: All others delivers only their own contribution (term-paper) together with self-assessment/reflection
The exam is an digital open question exam with all materials accessible. NTNU grading scale will be used: https://innsida.ntnu.no/wiki/-/wiki/English/Grading+scale (accessible in internal NTNU-system).
Compulsory assignments
- Crisis Management Excersise
- SOHO Risk Analysis
Further on evaluation
Mandatory assignment and exercise (approval and attendance required to be allowed to take the exam):
- SOHO Risk Analysis.
- (1 day) Crisis Management/Incident response exercise. Attendance is required.
Forms of examination arrangement:
- Term-Paper (49%)
- 3-hours written individual exam (51%).
Each part must be passed to pass the course.
Re-sit:
- Ordinary re-sit examination for the written exam in August.
- For failed paper the student need to sign up for the course next time offered and submit the term-paper in that semester.
Specific conditions
Admission to a programme of study is required:
Civil and Environmental Engineering (MIBYGG)
Economics and Business Administration (ØAMSC)
Industrial Innovation and Digital Security (MIIDS)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Required previous knowledge
Master entry Level.
The course is available to "Bygg- og miljøteknikk" 2 year master program, but only for students in the track "Digitale byggeprosesser"/ Master in digital Building processes.
The course is available for students admitted to the Master in Industrial Innovation and Digital Security (MIIDS)
Course materials
Management of Information Security newest Edition by Michael E. Whitman (Author), Herbert J. Mattord (Author) ISBN for 2016: ISBN-13: 978-1305501256 / ISBN-10: 130550125X Course Material provided on / Blackboard
Credit reductions
| Course code | Reduction | From |
|---|---|---|
| IMT4571 | 2.5 sp | Autumn 2017 |
| IIKG6503 | 7.5 sp | Autumn 2020 |
Subject areas
- Information Security
Contact information
Course coordinator
Lecturers
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination
Ordinary examination - Autumn 2021
Work
Submission 2021-12-17 Time Release 12:00
Submission 23:59 Exam system Inspera Assessment
School exam
The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.