Course - Risk Management for Information Security - IMT4129
IMT4129 - Risk Management for Information Security
About
Examination arrangement
Examination arrangement: Assignment and written examination
Grade: Letter grades
| Evaluation | Weighting | Duration | Grade deviation | Examination aids |
|---|---|---|---|---|
| School exam | 51/100 | 5 hours | D | |
| Assignment | 49/100 |
Course content
- Relationship to governance and management
- Selected Risk Management Method(s)
- Classifications of Risk Management methods
- Risk, Threat and vulnerability discovery
- Information security controls
- Decision theory -Uncertainty -Game theory
- Other topics considered useful in the context of risk management for information security
Learning outcome
The focus of this course is 'cost effective information security'. In particular, it addresses the following UN Sustainability Development Goals:
Goal 8, target 8.2: Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors.
Goal 12: Sustainable consumption and production is about doing more and better with less. It is also about decoupling economic growth from environmental degradation, increasing resource efficiency and promoting sustainable lifestyles.
Thus, having completed this course, the student will be able to contribute to employer performance with respect to both goal 8, target 8.2 and goal 12. In terms of learning outcomes, this is operationalized as follows:
Knowledge:
- Possesses advanced knowledge on the relationship between Management and Information Security Risk Management.
- Possesses advanced knowledge on concepts and techniques utilized in selected information security risk management methods.
- Possesses advanced knowledge of selected challenges facing the risk analyst.
Skills:
- Is able to perform Information Security Risk Management tasks to support the overall organizational objectives.
- Is able to justify Information Security Management decisions through deductive arguments based on sound scientific principles.
- Is able to challenge established practices/views held by other practitioners.
General competence:
- Advanced level of understanding of selected assumptions/principles and models on which risk analysis methods are/should be based.
Learning methods and activities
Lectures, Seminar(s), Group work, Project work, Reverse class-room, Multiple choice tests/quizzes, PBL, Presentation of student projects by students, Student/peer assessments.
Mandatory activities that each student is required to complete ahead of the exam:
- EPN-OBLIG1: A scenario/case description must be submitted within 10 days of the first lecture.
- EPN-OBLIG2: Several multiple choice/ quizzes must be completed with a score above a given threshold. Minimum requirement is 25% of max achievable score..
- EPN-OBLIG3: Students must actively participate in at least 5 seminars through presentation of written material and participation in oral discussions. The students must document this participation in writing and hand in this documentation as part of their compulsory assignments.
- EPN-OBLIG4: Students must complete 4 peer assessment 'rounds'. Each round includes handing in written material to be assessed and also completing assessments of hand-ins provided by fellow students. Hand-ins and assessments must be completed and handed in by deadlines provided by the course responsible..
Compulsory assignments
- Scenario design
- Mandatory activities -QUIZ - 25 % score
- Active seminar participation
- Mandatory activities
Further on evaluation
Only students that have handed in the project report and successfully completed all mandatory activities will be permitted to do the exam. The course practices continuous evaluation thus, solutions to multiple choice tests will not be published.
Re-sit:
- The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is offered. Other mandatory activities must also be completed (e.g. multiple choice tests).
- Re-sit examination for the written examination in August.
Retake: Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.
Forms of assessment:
- Group project reports / individual reports (49%)
- Written exam 5 h (51%).
Specific conditions
Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Recommended previous knowledge
The course covers various technical/mathematical topics such as e.g. present value, present value under uncertainty, uncertainty propagation, decision theory and game theory. Students are strongly recommended to obtain the following skills before registering for the course:
- Introductory statistics: Probabilities, conditional probabilities, probability distributions, cumulative distribution functions, normal, lognormal and uniform distributions, dependence/independence, Monte Carlo Simulations
- Introductory logic: Predicate calculus with logical connectives and quantifiers, some common 'laws'.
- Introductory programming : Preferably Python.
- Basic algebra : Solutions to multiple equations of multiple variables
- Basic mathematical analysis : Continuity, monotonicity, sets, closed intervals, orderings on R, differentiation/integration.
Students not possessing these skills may find it challenging to achieve the full learning objective for the course.
Required previous knowledge
Must have completed IMT4115 - Introduction to information security management.
Course materials
Papers and reports available electronically through NTNU library, Google Scholar etc.
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| IMT4762 | 3.7 | AUTUMN 2017 | |
| IMT4772 | 3.7 | AUTUMN 2017 |
No
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: SPRING 2024
Language of instruction: English
Location: Gjøvik , Trondheim
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Assignment and written examination
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
-
Spring
ORD
Assignment
49/100
Release
2024-04-23Submission
2024-05-14
12:00
INSPERA
12:00 -
Room Building Number of candidates - Spring ORD School exam 51/100 D 2024-05-28 09:00 INSPERA
-
Room Building Number of candidates SL310 turkis sone Sluppenvegen 14 3 M438 Eksamensrom 4.etg, Inngang D Mustad, Inngang D 17 - Summer UTS School exam 51/100 D INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"