course-details-portlet

DCSG2005

Risk Management

Choose study year
Credits 7.5
Level Intermediate course, level II
Course start Spring 2025
Duration 1 semester
Language of instruction Norwegian
Location Gjøvik
Examination arrangement Assignment and Written examination

About

About the course

Course content

Information Security Management:

  • Information Security Management Systems (ISMS)
  • Frameworks for security work and security management
  • NSM's basic principles in ICT security and security management
  • Standards 27001, 27002, and 27005
  • Security policy and evaluation

Risk management process:

  • Defining scope
  • Information classification and access control
  • Risk assessment and analysis, including asset, threat, and vulnerability
  • Security mechanisms and risk handling
  • Risk communication
  • Incident handling, planning, and execution
  • Security measurements and key figures

Sustainability:

DCSG2005 supports goal number 9 by contributing to ensuring industry, innovation, and infrastructure, as well as protecting trade secrets and innovations. The subject also contributes to goal 16, Peace, Justice, and Strong Institutions, by making it more difficult to succeed in cyber attacks.

Learning outcome

Knowledge

  • Understanding and explaining the general principles of security management and control within digital security.
  • Understanding risk in an information security context and the purpose of risk management.
  • Knowing how to perform risk assessments and audits of information systems.
  • Understanding the application areas for international security and privacy standards.
  • Understanding and explaining the need for security requirements in a case study.

Skills

  • Conducting an information security risk assessment on a given information system based on guidelines or standards.
  • Collaborating with system owners and managers, adjusting practices and results based on their feedback.
  • Presenting security issues and solutions to both employees and managers.

General Competence

  • Leading and contributing to security work in a team consisting of individuals with different expertise and skills.
  • Conducting information security risk assessments.
  • Having knowledge of information security management and control.
  • Understanding the importance of both oral and written communication skills in explaining security issues and solutions to system owners and users, both face-to-face and online.

Learning methods and activities

  • Lectures
  • Group work
  • Online learning support
  • Mandatory tasks

Additional information: Students are divided into groups and assigned tasks based on information security. Projects involve risk assessments and audits of current and future systems.

Further on evaluation

Assessment:

  • Digital exam, 2 hours, counts for 40%
  • Group project submission counts for 60%
  • Both parts must be passed.

Continuation and voluntary repetition/improvement can be carried out for some partial assessments without all partial assessments in a subject having to be taken up again.

Deferred exam for written exams in August.

Presentation of the project with mandatory attendance.

Credit reductions

Course code Reduction From
DCST2005 7.5 sp Autumn 2019
IMT2008 7.5 sp Autumn 2020
DIFT2007 7.5 sp Autumn 2020
INFT2001 7.5 sp Autumn 2020
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Computer Science

Contact information

Course coordinator

Lecturers

Department with academic responsibility

Department of Information Security and Communication Technology