Course content

Review on how to work with cases base information

How to lead a root cause analysis and a after action review.

Current PSIRT and CERT systems.

Internal reporting of  information Security and Privacy Incidents 

External Reporing of information Security and Privacy Incidents

Learning outcome

Knowledge:

The candidate possess though knowledge of ethical and legal aspect information security management and privacy management

The candidate possesses through understanding of the risk management processes for both security and privacy issues with both larger and small orgnaizations.

The candidate possesses through understanding of   security planning and incident management process

The candidate possess a broad understanding of  how different security and methodologies and practices are used in approaching different information security problems and solutions.

The candidate possess the insight and awareness of relevant  practical and scientific sources in relations to information security  problems and solutions.

Skills:

The student can  analysi read and even write  

security warnings and common vulnerability events bullentins that are used following industrial best practices today.

The student can perform a security , privacy and risk analysis of  an organization security both from second had and first and infrormation

The student has the capability to interview appropriate stakeholders in a organization  questions to extract information about a security incident outlined in a security scenario.

The students has the capability to analysis and write information security policy guidelines and rules .

General competence

The student is capable of analyzing relevant professional and research ethical problems in information security organization and management.

The student is capable of leading the discussions of  a group of security and non security professoinals  in a meeting or workshop.

The student is capable of leading and contributing to both organization and technological innovation processes.

Learning methods and activities

Ekskursjoner|Essay|Forelesninger|Gruppearbeid|Nettbasert Læring|Nettstøttet læring|Obligatoriske oppgaver|Prosjektarbeid|Refleksjon|Samling(er)/seminar(er)|Veiledning|Annet

Utfyllende informasjon:

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC¿s learning management system (ClassFronter).

Obligatoriske arbeidskrav:

Each group must present their mini case work s/case (approved/not approved).

Further on evaluation

Utfyllende om kontinuasjon:

Yes, in accordance with the course responsible.

Vurderingsformer:

Group Project reports (49%)

Individual, written reflection on the group project work (51%).

All parts must be passed to pass the course.

Specific conditions

Required previous knowledge

IMT4129 Risk Management for Information Security, IMT4127 Security Management Metrics, IMT4128 Socio-technical Systems Enabled Crime

Course materials

Books/standards, conference/journal papers and web resources.