Security Planning and Incident Handling
2009-2010 - IMT3521 - 10 ECTS

Expected learning outcomes

The student shall after the end of the course understand the components of contingency planning. This includes the role of policies and procedures, as well as a basic understanding of incident reporting systems. To achieve such an understanding, an introduction to how incident reporting systems work and how to plan and conduct investigations will be given. Furthermore, the student needs to have a good overview of known organizatonal problems within incident reporting systems. The student should also have a good understanding of how to plan and handle large and small disasters. In conjunction with this, the student must also know business continuity planning.


1. Introduction and Overview of Contingency Planning
2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTS and organizational models for CSIRTs
4. Disaster Recovery: Preparation, implementation, operation and maintenance
5. Business Continuity: Preparation, implementation, operations and Maintenance
6. Crisis Management and Human Factors

Teaching Methods

Group works
Project work

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Assessment: An overall evaluation based on a 100 point scale, where project work counts 50 points and final written exam counts 50 points. A minimum of 18 points have to be gained on the final exam. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, emneansvarlig can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

The lecturer will evaluate the exams.

Re-sit examination

No re-sit examination. The entire course has to be redone.

Examination support

English-Norwegian or English-other language dictionary

Teaching Materials

Michael Whitman og Herbert Mattord: Principles of Incident Response and Disaster Recovery. Thomson, 2007.

Additional litterature will be handed out.