IMT4129 - Risk Management for Information Security

About

Examination arrangement

Examination arrangement: Aggregate score
Grade: Letter grades

  • Project report: weighting 40/100
  • School exam: weighting 60/100, duration 5 hours

Course content

  • Relationship to governance and management
  • Selected Risk Management Method(s)
  • Classifications of Risk Management methods
  • Risk, Threat and vulnerability discovery
  • Information security controls
  • Decision theory - Uncertainty - Game theory
  • Other topics considered useful in the context of risk management for information security

Learning outcome

The focus of this course is 'cost effective information security'. In particular, it addresses the following UN Sustainability Development Goals:

Goal 8, target 8.2: Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors.

Goal 12: Sustainable consumption and production is about doing more and better with less. It is also about decoupling economic growth from environmental degradation, increasing resource efficiency and promoting sustainable lifestyles.

Thus, having completed this course, the student will be able to contribute to employer performance with respect to both goal 8, target 8.2 and goal 12. In terms of learning outcomes, this is operationalized as follows:

Knowledge:

  • Possesses advanced knowledge on the relationship between Management and Information Security Risk Management.
  • Possesses advanced knowledge on concepts and techniques utilized in selected information security risk management methods.
  • Possesses advanced knowledge of selected challenges facing the risk analyst.

Skills:

  • Is able to perform Information Security Risk Management tasks to support the overall organizational objectives.
  • Is able to justify Information Security Management decisions through deductive arguments based on sound scientific principles.
  • Is able to challenge established practices/views held by other practitioners.

General competence:

  • Advanced level of understanding of selected assumptions/principles and models on which risk analysis methods are/should be based.

Learning methods and activities

Lectures, Seminar(s), Group work, Project work, Reverse class-room, Multiple choice tests/quizzes, PBL, Presentation of student projects by students, Student/peer assessments.

Mandatory activities are valid only for the term when they are completed.

Mandatory activities that each student is required to complete ahead of the exam:

  • EPN-OBLIG1: A scenario/case description must be submitted within 10 days of the first lecture.
  • EPN-OBLIG2: Several multiple choice/quizzes must be completed with a score above a given threshold. Minimum requirement is 25% of max achievable score.
  • EPN-OBLIG3: Students must actively participate in at least 5 seminars through presentation of written material and participation in oral discussions. The students must document this participation in writing and hand in this documentation as part of their compulsory assignments.
  • EPN-OBLIG4: Students must complete 4 peer assessment 'rounds'. Each round includes handing in written material to be assessed and also completing assessments of hand-ins provided by fellow students. Hand-ins and assessments must be completed and handed in by deadlines provided by the course responsible.

Compulsory assignments

  • EPN-OBLIG1 Scenario
  • EPN-OBLIG2 Quiz
  • EPN-OBLIG3 Active participation
  • EPN-OBLIG4 Student peer evaluation

Further on evaluation

Only students who have successfully completed all mandatory activities will be permitted to do the exam. The course practices continuous evaluation; thus, solutions to multiple choice tests will not be published.

Re-sit:

  • The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is offered. Other mandatory activities must also be completed.
  • Re-sit examination for the written examination in August.

Retake: All partial assessments and mandatory activities must be re-done.

Forms of assessment:

  • Group project reports / individual reports (40%)
  • Written exam 5 h (60%).

OS1-1 (Project report) must be passed for students to be permitted to do the written exam OS1-2.

To pass the course, both OS1-1 and OS1-2 must be passed.

If there is a complaint on an F in OS1-1, and the complaint cannot be processed ahead of the date of OS1-2, the student may be permitted to sit the exam. If the conclusion of the complaint is 'F' or OS1-2 is failed, the complete course must be re-taken next time the course is offered.

Mandatory activities OBLIG1, OBLIG2, OBLIG3, OBLIG4 are only valid for the term when they have been approved.

Specific conditions

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)

Required previous knowledge

Must have completed IMT4115 - Introduction to information security management.

Course materials

Papers and reports available electronically through NTNU library, Google Scholar etc.

Credit reductions

  • IMT4762: reduction 3.7, from AUTUMN 2017
  • IMT4772: reduction 3.7, from AUTUMN 2017

More on the course
Facts

Version: 1
Credits: 7.5 SP
Study level: Second degree level

Coursework

Term no.: 1
Teaching semester: SPRING 2025

Language of instruction: English

Location: Gjøvik, Trondheim

Subject area(s)
  • Information Security
Contact information
Course coordinator:

Department with academic responsibility
Department of Information Security and Communication Technology

Examination

Examination arrangement: Aggregate score

  • Spring, status code ORD: School exam, weighting 60/100, examination system INSPERA
  • Spring, status code ORD: Project report, weighting 40/100, examination system INSPERA
  • Summer, status code UTS: School exam, weighting 60/100, examination system INSPERA

* The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

Examination

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU