Examination arrangement

Course content

• Relationship to governance and management
• Selected Risk Management Method(s)
• Classifications of Risk Management methods
• Risk, Threat and vulnerability discovery
• Information security controls
• Decision theory -Uncertainty -Game theory
• Other topics considered useful in the context of risk management for information security

Learning outcome

The focus of this course is 'cost effective information security'. In particular, it addresses the following UN Sustainability Development Goals:

Goal 8, target 8.2: Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors.

Goal 12: Sustainable consumption and production is about doing more and better with less. It is also about decoupling economic growth from environmental degradation, increasing resource efficiency and promoting sustainable lifestyles.

Thus, having completed this course, the student will be able to contribute to employer performance with respect to both goal 8, target 8.2 and goal 12. In terms of learning outcomes, this is operationalized as follows:

Knowledge:

• Possesses advanced knowledge on the relationship between Management and Information Security Risk Management.
• Possesses advanced knowledge on concepts and techniques utilized in selected information security risk management methods.
• Possesses advanced knowledge of selected challenges facing the risk analyst.

Skills:

• Is able to perform Information Security Risk Management tasks to support the overall organizational objectives.
• Is able to justify Information Security Management decisions through deductive arguments based on sound scientific principles.
• Is able to challenge established practices/views held by other practitioners.

General competence:

• Advanced level of understanding of selected assumptions/principles and models on which risk analysis methods are/should be based.

Learning methods and activities

Lectures, Seminar(s), Group work, Project work, Reverse class-room, Multiple choice tests/quizzes, PBL, Presentation of student projects by students, Student/peer assessments.

Mandatory activities are valid only for the term when they are completed.

Mandatory activities that each student is required to complete ahead of the exam:

• EPN-OBLIG1: A scenario/case description must be submitted within 10 days of the first lecture.
• EPN-OBLIG2: Several multiple choice/ quizzes must be completed with a score above a given threshold. Minimum requirement is 25% of max achievable score..
• EPN-OBLIG3: Students must actively participate in at least 5 seminars through presentation of written material and participation in oral discussions. The students must document this participation in writing and hand in this documentation as part of their compulsory assignments.
• EPN-OBLIG4: Students must complete 4 peer assessment 'rounds'. Each round includes handing in written material to be assessed and also completing assessments of hand-ins provided by fellow students. Hand-ins and assessments must be completed and handed in by deadlines provided by the course responsible..

Compulsory assignments

• EPN-OBLIG1 Scenario
• EPN-OBLIG2 Quiz
• EPN-OBLIG3 Active participation
• EPN-OBLIG4: Student peer evaluation

Further on evaluation

Only students that have successfully completed all mandatory activities will be permitted to do the exam. The course practices continuous evaluation thus, solutions to multiple choice tests will not be published.

Re-sit:

• The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is offered. Other mandatory activities must also be completed.
• Re-sit examination for the written examination in August.

Retake: All partial assessments and mandatory activities must be re-done.

Forms of assessment:

• Group project reports / individual reports (40%)
• Written exam 5 h (60%).

OS1-1 (Project report) must be passed for students to be permitted to do the written exam OS1-2.

To pass the course, both OS1-1 and OS1-2 must be passed.

If there is a complaint on an F in OS1-1, and the complaint cannot be processed ahead of the date of OS1-2, the student may be permitted to sit the exam. If the conclusion of the complaint is 'F or OS1-2 is failed, the complete course must be re-taken next time the course is offered. ,

Mandatory activities OBLIG1, OBLIG2, OBLIG3, OBLIG4 are only valid for the term when they have been approved.

Specific conditions

Recommended previous knowledge

The course covers various technical/mathematical topics such as e.g. present value, present value under uncertainty, uncertainty propagation, decision theory and game theory. Students are strongly recommended to obtain the following skills before registering for the course:

• Introductory statistics: Probabilities, conditional probabilities, probability distributions, cumulative distribution functions, normal, lognormal and uniform distributions, dependence/independence, Monte Carlo Simulations
• Introductory logic: Predicate calculus with logical connectives and quantifiers, some common 'laws'.
• Introductory programming : Preferably Python.
• Basic algebra : Solutions to multiple equations of multiple variables
• Basic mathematical analysis : Continuity, monotonicity, sets, closed intervals, orderings on R, differentiation/integration.

Students not possessing these skills may find it challenging to achieve the full learning objective for the course.

Required previous knowledge

Must have completed IMT4115 - Introduction to information security management.

Course materials

Papers and reports available electronically through NTNU library, Google Scholar etc.

Credit reductions