Course - Risk Management - DCSG2005
DCSG2005 - Risk Management
About
Examination arrangement
Course content
Information Security Management:
- Information Security Management Systems (ISMS)
- Frameworks for security work and security management
- NSM's basic principles in ICT security and security management
- Standards 27001, 27002, and 27005
- Security policy and evaluation
Risk management process:
- Defining scope
- Information classification and access control
- Risk assessment and analysis, including asset, threat, and vulnerability
- Security mechanisms and risk handling
- Risk communication
- Incident handling, planning, and execution
- Security measurements and key figures
Sustainability:
DCSG2005 supports goal number 9 by contributing to ensuring industry, innovation, and infrastructure, as well as protecting trade secrets and innovations. The subject also contributes to goal 16, Peace, Justice, and Strong Institutions, by making it more difficult to succeed in cyber attacks.
Learning outcome
Knowledge
- Understanding and explaining the general principles of security management and control within digital security.
- Understanding risk in an information security context and the purpose of risk management.
- Knowing how to perform risk assessments and audits of information systems.
- Understanding the application areas for international security and privacy standards.
- Understanding and explaining the need for security requirements in a case study.
Skills
- Conducting an information security risk assessment on a given information system based on guidelines or standards.
- Collaborating with system owners and managers, adjusting practices and results based on their feedback.
- Presenting security issues and solutions to both employees and managers.
General Competence
- Leading and contributing to security work in a team consisting of individuals with different expertise and skills.
- Conducting information security risk assessments.
- Having knowledge of information security management and control.
- Understanding the importance of both oral and written communication skills in explaining security issues and solutions to system owners and users, both face-to-face and online.
Learning methods and activities
- Lectures
- Group work
- Online learning support
- Mandatory tasks
Additional information: Students are divided into groups and assigned tasks based on information security. Projects involve risk assessments and audits of current and future systems.
Further on evaluation
Assessment:
- Digital exam, 2 hours, counts for 40%
- Group project submission counts for 60%
- Both parts must be passed.
Continuation and voluntary repetition/improvement can be carried out for some partial assessments without all partial assessments in a subject having to be taken up again.
Deferred exam for written exams in August.
Presentation of the project with mandatory attendance.
Specific conditions
Admission to a programme of study is required:
Business Administration (BØA)
Digital Infrastructure and Cyber Security (BDIGSEC)
Logistics Management (BLOG)
Recommended previous knowledge
DCSG1002 - Cyber security and teamwork
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| DCST2005 | 7.5 | AUTUMN 2019 | |
| IMT2008 | 7.5 | AUTUMN 2020 | |
| DIFT2007 | 7.5 | AUTUMN 2020 | |
| INFT2001 | 7.5 | AUTUMN 2020 |
No
Version: 1
Credits:
7.5 SP
Study level: Intermediate course, level II
Term no.: 1
Teaching semester: SPRING 2025
Language of instruction: Norwegian
Location: Gjøvik
- Computer Science
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Assignment and Written examination
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Spring ORD Assignment 60/100 A INSPERA
-
Room Building Number of candidates - Spring ORD School exam 40/100 E INSPERA
-
Room Building Number of candidates - Summer UTS School exam 40/100 E INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"