Organizational and Human Aspects of Information Security
- 5 ECTS
On the basis of
Basic understanding of risk analysis and risk assessment. Basic knowledge of the technical configuration of security devices such as firewalls, IDS, IAM, etc.
Expected learning outcomes
In general, this course gives a very practical view of the main tasks of a corporate security office. The experience of the security offices of more than five Fortune 500 enterprises is woven into the content, exercises and project work. The influence of the corporate security office on security implementation and configuration will be studied using typical real situations.
Having completed the course, the student should have
• a sound understanding of corporate organisations and policies, and how security is embedded into the organisation, processes and corporate documentation framework. The student will be able to plan the set of required security documentation and to implement enterprise-specific security organisation and security policies
• an understanding of practical awareness and the ability to plan a corporate awareness campaign
• an understanding of security culture and its meaning. The student will be enabled to describe a target security culture and to make an implementation plan for a turnaround
• the ability to distinguish between responsibility and delegation. The student will be enabled to provide security in an unfriendly environment with budget constraints and “lack of enthusiasm” for security.
• an understanding of security strategy, the security innovation process and its implementation.
• an understanding of future research topic identification and its processes as implemented in the European Commission (www.parsicfalproject.eu, www.ci2rco.org)
The course will cover a selection of the following or similar topics
• overview of practical information security management with special focus on human and organisational aspects
• case studies of practical information security policy, strategy, culture, organisation
• defining the various key roles in corporate security management and how they interact
• planning of key elements of corporate security framework
• Security innovation process in enterprises and research.
Teaching Methods (additional text)
Lectures, seminars or guided self study, role games, project work, depending on the number of students: Term paper(s)
Form(s) of Assessment
Oral exam, individually
Form(s) of Assessment (additional text)
• Oral examination: 30 minutes; if the number of students is too large, it will be replaced by a written exam (70%)
• Term paper(s): (30%)
• Pass decision is on the cumulative grade.
Alphabetical scale, A (best) – F (fail)
Evaluated by the lecturer
A new term paper must be provided and the examination must be re-sat.
PPT Presentation on project work (part of the examination)
If fewer than 5 students apply for the course, it will be at the discretion of the Studieprogramansvarlig (study programme director) whether the course will be offered and, if so, in which form.