Foundations of Information Security Management
2009-2010 - IMT4941 - 5 ECTS

Expected learning outcomes

Having completed the course, the student should have

  • sound understanding of the task of an information security officer
  • sound understanding of information security management standards and models as well as their applicability and limits
  • good understanding of adversary and adversary behavioural models
  • the ability to create, assess, and evaluate metrics for information security and the management thereof, including using statistical methods
  • an understanding of the interrelationship between information security and overall corporate security and risk management
  • an understanding of how organizational security and its policies are translated into security controls.
  • a good understanding of information sharing models for security officers


  • Security documentation including security policies and concepts
  • Information security management frameworks
  • Interactions between corporate security and risk management and information security management and its implementation in security controls, respectively
  • Adversary and adversary behaviour models
  • Metrics for information security and their assessement
  • Information sharing concepts and problems

Teaching Methods


Teaching Methods (additional text)

Term paper (potentially based on simulation tool)

Form(s) of Assessment


Form(s) of Assessment (additional text)

  • Written exam: 50%
  • Term paper: 50%
  • Pass decision is on the cumulative grade.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by external examiner.

Re-sit examination

A new term paper must be provided next autumn. For the exam: Ordinary re-sit examnination.

Examination support

Dictionary, simple calculator

Coursework Requirements


Teaching Materials

Materials from the professors and selected webpages.

Selected chapters of the following textbooks are helpful references; further recommended reading is provided in the course syllabus.

M. Bishop:

Computer Security: Art and Science.

Addison-Wesley, 2003.

C. Pfleeger, S. Pfleeger

Security in Computing, 4th ed.

Prentice Hall, 2006

A. Kott, W. McEneaney:

Adversarial Reasoning: Computational Approaches to Reading the Opponent’s Mind.

Chapman & Hall, 2006

Additional information

Capacity of the course is limited to 24 students for the first course, unless explicitly arranged by lecturer.