Introduction to security Planning and Incident Handling
2011-2012 - IMT3521 - 10 ECTS

Expected learning outcomes


The student understands contingency planning and its components. This includes the role of policies and procedures as well as risk assessment, business impact analysis, incident reporting and response and business resumption planning.

The student understands how to plan for and perform incident response.

The student understands known problems withing incident reporting systems.

The student has good overview of planning for business continuity of critical business systems.

The student can plan for and handle larger and smaller incidents and disasters.

The student can organize an incident response team in a manner that ensures good handling of incidents while also making sure staff burnout is avoided.

General Competence

The student has broad knowledge of security planning and incident response and is able to communicate this to others.

The student is able to handle the many conflicts between security and other fields that inevitably arise. Security procedures can for example be seen as cumbersome and ineffective, causing employees to disregard them. The student shall be able to reason and solve such problems.


1. Introduction and Overview of Contingency Planning
2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTS and organizational models for CSIRTs
4. Disaster Recovery: Preparation, implementation, operation and maintenance
5. Business Continuity: Preparation, implementation, operations and Maintenance
6. Crisis Management and Human Factors

Teaching Methods

Group works
Net Support Learning
Project work

Teaching Methods (additional text)

Group projects with supervision in addition to lectures.

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Assessment: An overall evaluation based on a 100 point scale, where project work counts 50 points and final written exam counts 50 points. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, emneansvarlig can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale. Both the project and the final exam must be passed to achieve a passing grade in the course.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Internal examiner.

Re-sit examination

No re-sit examination. The entire course has to be redone.

Examination support

English-Norwegian, other language-Norwegian or English-other language dictionary

Coursework Requirements

One larger group project must be completed during the semester.

Teaching Materials

Michael Whitman og Herbert Mattord: Principles of Incident Response and Disaster Recovery. Thomson, 2007.

Additional literature will be handed out or made available through Fronter.