Security as Continuous Improvement
2009-2010 - IMT4651 - 5 ECTS

Prerequisite(s)

IMT4661 - Security Management Dynamics

Expected learning outcomes

The BS7799/ISO17799 standards already encouraged viewing security as quality improvement. Some years later, and after the extensions to the ISO27000 family, security as a continuous improvement process is still not a mainstream activity.

The emphasis of this course is on identifying the systemic obstacles in the implementation path of continuous improvement of processes (“the quality improvement paradox”), and then on applying these insights to redesign security management to achieve continuous improvement.

Topic(s)

The quality improvement paradox

Security and quality improvement processes

Improving the Performance of Computer Security Incident Response Teams (CSIRTs)

Incident reporting systems and Learning from incidents

Security risks in the transition to Integrated Operations

Security-dependent safety. Continuous improvement of security in Critical Infrastructure

Teaching Methods

Lectures
Exercises
Project work

Teaching Methods (additional text)

Web-enabled course with forum

Form(s) of Assessment

Multiple Choice Test(s)
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Two multiple choice exams, each counting 15%

Two individual projects (papers), each counting 35%

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Evaluated by the lecturer

Re-sit examination

The whole subject must be repeated

Coursework Requirements

The course requires active participation in projects – both in class and outside class.

Hands-on modelling exercises during class are best carried out in a computer lab.

Students are encouraged to bring laptops to the classroom.

Teaching Materials

Written material will be given/sent to the students during the semester.