course-details-portlet

IMT4129

Risk Management for Information Security

Choose study year
Credits 7.5
Level Second degree level
Course start Spring 2025
Duration 1 semester
Language of instruction English
Location Gjøvik and Trondheim
Examination arrangement Aggregate score

About

About the course

Course content

  • Relationship to governance and management
  • Selected Risk Management Method(s)
  • Classifications of Risk Management methods
  • Risk, Threat and vulnerability discovery
  • Information security controls
  • Decision theory -Uncertainty -Game theory
  • Other topics considered useful in the context of risk management for information security

Learning outcome

The focus of this course is 'cost effective information security'. In particular, it addresses the following UN Sustainability Development Goals:

Goal 8, target 8.2: Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors.

Goal 12: Sustainable consumption and production is about doing more and better with less. It is also about decoupling economic growth from environmental degradation, increasing resource efficiency and promoting sustainable lifestyles.

Thus, having completed this course, the student will be able to contribute to employer performance with respect to both goal 8, target 8.2 and goal 12. In terms of learning outcomes, this is operationalized as follows:

Knowledge:

  • Possesses advanced knowledge on the relationship between Management and Information Security Risk Management.
  • Possesses advanced knowledge on concepts and techniques utilized in selected information security risk management methods.
  • Possesses advanced knowledge of selected challenges facing the risk analyst.

Skills:

  • Is able to perform Information Security Risk Management tasks to support the overall organizational objectives.
  • Is able to justify Information Security Management decisions through deductive arguments based on sound scientific principles.
  • Is able to challenge established practices/views held by other practitioners.

General competence:

  • Advanced level of understanding of selected assumptions/principles and models on which risk analysis methods are/should be based.

Learning methods and activities

Lectures, Seminar(s), Group work, Project work, Reverse class-room, Multiple choice tests/quizzes, PBL, Presentation of student projects by students, Student/peer assessments.

Mandatory activities are valid only for the term when they are completed.

Mandatory activities that each student is required to complete ahead of the exam:

  • EPN-OBLIG1: A scenario/case description must be submitted within 10 days of the first lecture.
  • EPN-OBLIG2: Several multiple choice/ quizzes must be completed with a score above a given threshold. Minimum requirement is 25% of max achievable score..
  • EPN-OBLIG3: Students must actively participate in at least 5 seminars through presentation of written material and participation in oral discussions. The students must document this participation in writing and hand in this documentation as part of their compulsory assignments.
  • EPN-OBLIG4: Students must complete 4 peer assessment 'rounds'. Each round includes handing in written material to be assessed and also completing assessments of hand-ins provided by fellow students. Hand-ins and assessments must be completed and handed in by deadlines provided by the course responsible..

Compulsory assignments

  • EPN-OBLIG1 Scenario
  • EPN-OBLIG2 Quiz
  • EPN-OBLIG3 Active participation
  • EPN-OBLIG4: Student peer evaluation

Further on evaluation

Only students that have successfully completed all mandatory activities will be permitted to do the exam. The course practices continuous evaluation thus, solutions to multiple choice tests will not be published.

Re-sit:

  • The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is offered. Other mandatory activities must also be completed.
  • Re-sit examination for the written examination in August.

Retake: All partial assessments and mandatory activities must be re-done.

Forms of assessment:

  • Group project reports / individual reports (40%)
  • Written exam 5 h (60%).

OS1-1 (Project report) must be passed for students to be permitted to do the written exam OS1-2.

To pass the course, both OS1-1 and OS1-2 must be passed.

If there is a complaint on an F in OS1-1, and the complaint cannot be processed ahead of the date of OS1-2, the student may be permitted to sit the exam. If the conclusion of the complaint is 'F or OS1-2 is failed, the complete course must be re-taken next time the course is offered. ,

Mandatory activities OBLIG1, OBLIG2, OBLIG3, OBLIG4 are only valid for the term when they have been approved.

Specific conditions

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)

Required previous knowledge

Must have completed IMT4115 - Introduction to information security management.

Course materials

Papers and reports available electronically through NTNU library, Google Scholar etc.

Credit reductions

Course code Reduction From
IMT4762 3.7 sp Autumn 2017
IMT4772 3.7 sp Autumn 2017
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

Department with academic responsibility

Department of Information Security and Communication Technology