Security Planning and Incident Management
2009-2010 - IMT4841 - 10 ECTS

Expected learning outcomes

The student shall after the course be able to create policies and procedures for contingency plans, as well as lead the planning process. This requires that the student must achieve a thorough understanding of why incident reporting systems are needed, how they work and how to plan and conduct investigations. Furthermore, the student should have a good overview over the most well known organizational problems within incident reporting systems. The student should also be able to plan for and handle large and small disasters. To handle disasters the students also need to know business continuity planning.


1. Introduction and Overview of Contingency Planning
2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTS and organizational models for CSIRTs
4. Disaster Recovery: Preparation, implementation, operation and maintenance
5. Business Continuity: Preparation, implementation, operations and Maintenance
6. Crisis Management and Human Factors

Teaching Methods

Project work

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Assessment: An overall evaluation based on a 100 point scale, where project work counts 50 points and final written exam counts 50 points. A minimum of 18 points have to be gained on the final exam. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, emneansvarlig can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

The lecturer performs the evaulations.

Re-sit examination

For the final exam: Ordinary re-sit examnination.

Examination support

Dictionary: English-Norwegian or English-other language

Coursework Requirements

One project (the exam project).

Teaching Materials

Michael Whitman og Herbert Mattord: Principles of Incident Response and Disaster Recovery. Thomson, 2007.

Additional litterature will be handed out.