IMT4129 - Risk Management for Information Security


Examination arrangement

Examination arrangement: Assignment and written examination
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
School exam 51/100 5 hours D
Assignment 49/100

Course content

  • Relationship to Management
  • Selected Risk Management Method(s)
  • Classifications of Risk Management methods
  • Risk, Threat and vulnerability discovery
  • Decision theory -Uncertainty -Game theory

Learning outcome

The focus of this course is 'cost effective information security'. In particular, it addresses the following UN Sustainability Development Goals:

Goal 8, target 8.2: Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors.

Goal 12: Sustainable consumption and production is about doing more and better with less. It is also about decoupling economic growth from environmental degradation, increasing resource efficiency and promoting sustainable lifestyles.

Thus, having completed this course, the student will be able to contribute to employer performance with respect to both goal 8, target 8.2 and goal 12. In terms of learning outcomes, this is operationalized as follows:


  • Possesses advanced knowledge on the relationship between Management and Information Security Risk Management.
  • Possesses advanced knowledge on concepts and techniques utilized in selected information security risk management methods.
  • Possesses advanced knowledge of selected challenges facing the risk analyst.


  • Is able to perform Information Security Risk Management tasks to support the overall organizational objectives.
  • Is able to justify Information Security Management decisions through deductive arguments based on sound scientific principles.
  • Is able to challenge established practices/views held by other practitioners.

General competence:

  • Advanced level of understanding of selected assumptions/principles and models on which risk analysis methods are/should be based.

Learning methods and activities

Lectures, Seminar(s), Group work, Project work, Reverse class-room, Multiple choice tests/quizzes, PBL, Presentation of student projects by students

Mandatory activities that each student is required to complete ahead of the exam:

  • A scenario/case description must be submitted within 10 days of the first lecture.
  • Several multiple choice/ quizzes must be completed with a score above a given threshold. Minimum requirement is 50% score on 50% of the tests. To reduce lecturer work load, this may be implemented as a total score of 25% at the discretion of the course responsible.
  • Students must actively participate in at least 5 seminars through presentation of written material and participation in oral discussions. The students must document this participation in writing and hand in this documentation as part of their compulsory assignments.

Compulsory assignments

  • Coursework Requirement

Further on evaluation

Only students that have handed in the project report and successfully completed all mandatory activities will be permitted to do the exam. The course practices continuous evaluation thus, solutions to multiple choice tests will not be published.


  • The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is offered. Other mandatory activities must also be completed (e.g. multiple choice tests).
  • Re-sit examination for the written examination in August.

Forms of assessment:

  • Group project reports / individual reports (49%)
  • Written exam 5 h (51%).

Specific conditions

Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)

Required previous knowledge

Must have completed IMT4115 - Introduction to information security management.

Course materials

Papers and reports available electronically through NTNU library, Google Scholar etc.

Credit reductions

Course code Reduction From To
IMT4762 3.7 AUTUMN 2017
IMT4772 3.7 AUTUMN 2017
More on the course



Version: 1
Credits:  7.5 SP
Study level: Second degree level


Term no.: 1
Teaching semester:  SPRING 2023

Language of instruction: English

Location: Gjøvik

Subject area(s)
  • Information Security
Contact information
Course coordinator:

Department with academic responsibility
Department of Information Security and Communication Technology


Examination arrangement: Assignment and written examination

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Spring ORD Assignment 49/100



Room Building Number of candidates
Spring ORD School exam 51/100 D 2023-06-09 09:00 INSPERA
Room Building Number of candidates
Summer UTS School exam 51/100 D INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU