Security as Continuous Improvement
2011-2012 - IMT4651 - 5 ECTS

Prerequisite(s)

IMT4661 - Security Management Dynamics

Having completed the course, the students will be able to:

Understand the relation between security standards for information organizations and quality improvement
Understand and be able to analyze the “quality improvement paradox”, i.e., the reason why a majority of attempts to accomplish quality improvement is frustrated owing to counterintuitive systemic reactions
Analyze cases in information security management so as to detect impediments to continuous improvement of security
Apply these concepts in practice to several important cases (such as security incident reporting systems, Computer Security Incident Response Teams, business continuity, resilience, Critical Infrastructure Protection)

The quality improvement paradox
Security and quality improvement processes
Improving the Performance of Computer Security Incident Response Teams (CSIRTs)
Incident reporting systems and Learning from incidents
Security risks in the transition to Integrated Operations
Security-dependent safety. Continuous improvement of security in Critical Infrastructure

Lectures
Exercises
Project work

Web-enabled course with forum

Multiple Choice Test(s)
Evaluation of Project(s)

Alphabetical Scale, A(best) – F (fail)

Evaluated by the lecturer

The whole course must be repeated

The course requires active participation in projects – both in class and outside class.

Hands-on modelling exercises during class are best carried out in computer lab.

Students are encouraged to bring laptops to the classroom.

Written material will be given/sent to the students during the semester.